Windows Analysis Report
Software_Tool.exe

Overview

General Information

Sample name: Software_Tool.exe
Analysis ID: 1571118
MD5: 9af27765527617e9d75b5ee6b418c8d6
SHA1: 0e5f46cf55abe0746e8ddf5d7980ad0a5475e8e7
SHA256: e92ee1bc7c053bfb6b65bfce216a97d3ba5fd4f09bf9fd4f530101a60bb19030
Tags: exe, user-JaffaCakes118

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Found strings related to Crypto-Mining
Modifies the DNS server
Modifies the hosts file
Modifies the windows firewall
Monitors registry run keys for changes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive battery information (via WMI, Win32_Battery, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Uses cmd line tools excessively to alter registry or file data
Uses netsh to modify the Windows network and firewall settings
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the driver directory
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • Software_Tool.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\Software_Tool.exe" MD5: 9AF27765527617E9D75B5EE6B418C8D6)
    • AdblockInstaller.exe (PID: 7400 cmdline: "C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741 MD5: 8D7DB88F1FB9C7308F7368AE65E3F0EF)
      • AdblockInstaller.tmp (PID: 7420 cmdline: "C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp" /SL5="$10472,15557677,792064,C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741 MD5: 1228C03BA840482EAC14E25B727F65B5)
        • taskkill.exe (PID: 7804 cmdline: "C:\Windows\System32\taskkill.exe" /f /im Adblock.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
          • conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Adblock.exe (PID: 7932 cmdline: "C:\Users\user\Programs\Adblock\Adblock.exe" --installerSessionId=9e146be91733702593 --downloadDate=2022-12-17T04:04:11 --distId=marketator --pid=741 MD5: C7119E2A05DB13F4888321D28E215C07)
          • crashpad_handler.exe (PID: 8028 cmdline: C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb2" --initial-client-data=0x404,0x408,0x40c,0x3d8,0x410,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08 MD5: CD2E0167F2E1092816F04BC174C13364)
          • netsh.exe (PID: 7844 cmdline: C:\Windows\system32\netsh.exe firewall add allowedprogram "C:\Users\user\Programs\Adblock\DnsService.exe" AdBlockFast ENABLE MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
          • DnsService.exe (PID: 3384 cmdline: C:\Users\user\Programs\Adblock\DnsService.exe -install MD5: 97A08C6366F4589739209FDB43B4B3EC)
          • DnsService.exe (PID: 2936 cmdline: C:\Users\user\Programs\Adblock\DnsService.exe -start MD5: 97A08C6366F4589739209FDB43B4B3EC)
          • AdblockInstaller.exe (PID: 5740 cmdline: "C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: EF6450AB524057924408DBE29991E99E)
            • AdblockInstaller.tmp (PID: 5516 cmdline: "C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp" /SL5="$404FC,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: F5FE7ED5E8DCD06DD915D9D1015F63F9)
          • AdblockInstaller.exe (PID: 4556 cmdline: "C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: EF6450AB524057924408DBE29991E99E)
            • AdblockInstaller.tmp (PID: 5124 cmdline: "C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp" /SL5="$C0254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: F5FE7ED5E8DCD06DD915D9D1015F63F9)
          • AdblockInstaller.exe (PID: 8112 cmdline: "C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: EF6450AB524057924408DBE29991E99E)
            • AdblockInstaller.tmp (PID: 1312 cmdline: "C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp" /SL5="$140254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: F5FE7ED5E8DCD06DD915D9D1015F63F9)
          • AdblockInstaller.exe (PID: 2500 cmdline: "C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: EF6450AB524057924408DBE29991E99E)
            • AdblockInstaller.tmp (PID: 2852 cmdline: "C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp" /SL5="$904E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: F5FE7ED5E8DCD06DD915D9D1015F63F9)
          • AdblockInstaller.exe (PID: 732 cmdline: "C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: EF6450AB524057924408DBE29991E99E)
            • AdblockInstaller.tmp (PID: 2004 cmdline: "C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp" /SL5="$1104E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE MD5: F5FE7ED5E8DCD06DD915D9D1015F63F9)
        • cmd.exe (PID: 7940 cmdline: "cmd.exe" /c "reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 8020 cmdline: reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • cmd.exe (PID: 8056 cmdline: "cmd.exe" /c "reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • reg.exe (PID: 8120 cmdline: reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f MD5: 227F63E1D9008B36BDBCC4B397780BE4)
        • taskkill.exe (PID: 8184 cmdline: "C:\Windows\System32\taskkill.exe" /f /im MassiveEngine.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
          • conhost.exe (PID: 2740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7504 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • Adblock.exe (PID: 4928 cmdline: C:\Users\user\Programs\Adblock\Adblock.exe --autorun MD5: C7119E2A05DB13F4888321D28E215C07)
    • crashpad_handler.exe (PID: 6008 cmdline: C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb2" --initial-client-data=0x3b8,0x3ec,0x3f0,0x3c4,0x3f4,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08 MD5: CD2E0167F2E1092816F04BC174C13364)
  • DnsService.exe (PID: 4020 cmdline: C:\Users\user\Programs\Adblock\DnsService.exe MD5: 97A08C6366F4589739209FDB43B4B3EC)
  • Adblock.exe (PID: 8084 cmdline: C:\Users\user\Programs\Adblock\Adblock.exe --autorun MD5: C7119E2A05DB13F4888321D28E215C07)
    • crashpad_handler.exe (PID: 8056 cmdline: C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb2" --initial-client-data=0x3e0,0x3e4,0x3e8,0x2dc,0x3ec,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08 MD5: CD2E0167F2E1092816F04BC174C13364)
No configs have been found
Source: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll
Rule: INDICATOR_EXE_Packed_SilentInstallBuilder
Description: Detects executables packed with Silent Install Builder
Author: ditekSHen
Strings:
  • 0x72c7c:$s1: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb
  • 0x6f508:$s2: ->mb!Silent Install Builder Demo Package.

Source: 0.2.Software_Tool.exe.6e150000.3.unpack
Rule: INDICATOR_EXE_Packed_SilentInstallBuilder
Description: Detects executables packed with Silent Install Builder
Author: ditekSHen
Strings:
  • 0x72c7c:$s1: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb
  • 0x6f508:$s2: ->mb!Silent Install Builder Demo Package.

System Summary

Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: EventID: 11, Image: C:\Users\user\Programs\Adblock\Adblock.exe, ProcessId: 7932, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adblock Fast.lnk
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7504, ProcessName: svchost.exe
Timestamp                        SID      Severity  Classtype        Source IP    Source Port  Destination IP  Destination Port  Protocol
2024-12-09T01:03:15.449981+0100  2028371  3         Unknown Traffic  192.168.2.4  49732        18.165.220.32   443               TCP
2024-12-09T01:03:19.343582+0100  2028371  3         Unknown Traffic  192.168.2.4  49735        18.165.220.32   443               TCP
2024-12-09T01:03:21.690748+0100  2028371  3         Unknown Traffic  192.168.2.4  49737        18.165.220.32   443               TCP
2024-12-09T01:03:28.810210+0100  2028371  3         Unknown Traffic  192.168.2.4  49742        18.165.220.32   443               TCP
2024-12-09T01:03:40.410149+0100  2028371  3         Unknown Traffic  192.168.2.4  49775        34.120.195.249  443               TCP
2024-12-09T01:03:55.379324+0100  2028371  3         Unknown Traffic  192.168.2.4  49807        34.120.195.249  443               TCP
2024-12-09T01:04:03.226564+0100  2028371  3         Unknown Traffic  192.168.2.4  49812        18.165.220.32   443               TCP
2024-12-09T01:04:05.555553+0100  2028371  3         Unknown Traffic  192.168.2.4  49814        18.165.220.32   443               TCP
2024-12-09T01:05:34.196058+0100  2028371  3         Unknown Traffic  192.168.2.4  50030        18.165.220.23   443               TCP
2024-12-09T01:05:36.644287+0100  2028371  3         Unknown Traffic  192.168.2.4  50037        18.165.220.23   443               TCP
2024-12-09T01:05:38.175825+0100  2028371  3         Unknown Traffic  192.168.2.4  50041        18.165.220.23   443               TCP
2024-12-09T01:06:10.478979+0100  2028371  3         Unknown Traffic  192.168.2.4  50121        18.165.220.75   443               TCP
2024-12-09T01:06:12.916372+0100  2028371  3         Unknown Traffic  192.168.2.4  50122        18.165.220.75   443               TCP
2024-12-09T01:06:14.447475+0100  2028371  3         Unknown Traffic  192.168.2.4  50123        18.165.220.75   443               TCP
2024-12-09T01:06:35.703351+0100  2028371  3         Unknown Traffic  192.168.2.4  50145        18.165.220.75   443               TCP
2024-12-09T01:06:38.043115+0100  2028371  3         Unknown Traffic  192.168.2.4  50147        18.165.220.75   443               TCP
2024-12-09T01:07:03.017030+0100  2028371  3         Unknown Traffic  192.168.2.4  50162        18.165.220.75   443               TCP
2024-12-09T01:07:05.487897+0100  2028371  3         Unknown Traffic  192.168.2.4  50163        18.165.220.75   443               TCP
2024-12-09T01:07:07.013667+0100  2028371  3         Unknown Traffic  192.168.2.4  50164        18.165.220.75   443               TCP

AV Detection

Source: Software_Tool.exe, Avira: detected
Source: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll, ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe, ReversingLabs: Detection: 37%
Source: C:\Users\user\Programs\Adblock\MassiveEngine.exe (copy), ReversingLabs: Detection: 25%
Source: C:\Users\user\Programs\Adblock\is-VF008.tmp, ReversingLabs: Detection: 25%
Source: Software_Tool.exe, ReversingLabs: Detection: 55%
Source: Software_Tool.exe, Virustotal: Detection: 62%
Source: C:\Users\user\Programs\Adblock\Adblock.exe, Code function: 8_2_00007FFDFB21CA1B CryptStringToBinaryA,CryptStringToBinaryA,_CxxThrowException,_invalid_parameter_noinfo_noreturn,8_2_00007FFDFB21CA1B
Source: C:\Users\user\Programs\Adblock\Adblock.exe, Code function: 8_2_00007FFDFB21C35C CryptDestroyHash,8_2_00007FFDFB21C35C
Source: C:\Users\user\Programs\Adblock\Adblock.exe, Code function: 8_2_00007FFDFB21C32C CryptReleaseContext,8_2_00007FFDFB21C32C
Source: C:\Users\user\Programs\Adblock\Adblock.exe, Code function: 8_2_00007FFDFB21C514 CryptAcquireContextW,CryptCreateHash,CryptGetHashParam,CryptDestroyHash,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,_CxxThrowException,8_2_00007FFDFB21C514
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: -----BEGIN PUBLIC KEY----- ... -----END PUBLIC KEY-----

Bitcoin Miner

Source: C:\Users\user\Programs\Adblock\Adblock.exe, Code function: 8_2_00007FFDFA5DAAC0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,??1_Lockit@std@@QEAA@XZ,8_2_00007FFDFA5DAAC0
Source: Adblock.exe, 00000008.00000002.4226671351.00007FFDFA94B000.00000008.00000001.01000000.00000014.sdmp, String found in binary or memory: .?AV?$_Ref_count_obj2@VxmrMiner@@@std@@
Source: DnsService.exe, 00000019.00000003.2212057590.000002864470F000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: ws022.coinhive.com.
Source: Software_Tool.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #001.txt
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #002.txt
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #003.txt
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #004.txt
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #005.txt
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp, File created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #006.txt
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.66.161.113:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.66.161.113:443 -> 192.168.2.4:49754 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 172.67.74.54:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.195.249:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 34.120.195.249:443 -> 192.168.2.4:49807 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49812 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.32:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.23:443 -> 192.168.2.4:50030 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.23:443 -> 192.168.2.4:50041 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50121 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50123 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50145 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50147 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50162 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 18.165.220.75:443 -> 192.168.2.4:50164 version: TLS 1.2
Source: Software_Tool.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\Adblock.pdb source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibClr\obj\Release\SibClr.pdb source: Software_Tool.exe, Software_Tool.exe, 00000000.00000002.4207414263.0000000010BB2000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: ads.pdbarea.com. source: DnsService.exe, 00000019.00000002.4196929870.00000286451B4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vladimir\dev\massivesdk\cmake-build-vs16-x64-embedded\bin\RelWithDebInfo\mining_gpu.pdb source: Adblock.exe, 00000008.00000002.4226547453.00007FFDFA919000.00000002.00000001.01000000.00000014.sdmp, Adblock.exe, 00000014.00000002.2041589891.00007FFDFA919000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\DnsService.pdb source: DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: R:\massivesdk_master\core\mining\gpu\external\SysGpuInfoEx\x64\RelDLL\SysGpuInfoEx.pdbKK source: Adblock.exe, 00000008.00000002.4226257353.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp, Adblock.exe, 00000014.00000002.2041058267.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: R:\massivesdk_master\core\mining\gpu\external\SysGpuInfoEx\x64\RelDLL\SysGpuInfoEx.pdb source: Adblock.exe, 00000008.00000002.4226257353.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp, Adblock.exe, 00000014.00000002.2041058267.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb} source: Software_Tool.exe, 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy -Zi -O2 -Ob1 -MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\SPCDNS.pdb source: DnsService.exe, 00000017.00000002.2039955699.00007FFE1A4F5000.00000002.00000001.01000000.00000020.sdmp, DnsService.exe, 00000018.00000002.2042859956.00007FFE1A4F5000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\Projects\_massive\winsparkle-fork\x64\Release\WinSparkle.pdb source: Adblock.exe, 00000008.00000002.4228073198.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp, Adblock.exe, 00000014.00000002.2043417343.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb source: Software_Tool.exe, 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\.conan\5199c1\1\build_subfolder\bin\crashpad_handler.pdb source: AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy -Zi -O2 -Ob1 -MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\ex_data.c source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\vladimir\dev\massivesdk\cmake-build-vs16-x64-embedded\bin\RelWithDebInfo\MassiveEmbedded.pdb source: Adblock.exe, 00000008.00000002.4227372538.00007FFDFAEDE000.00000002.00000001.01000000.00000013.sdmp, Adblock.exe, 00000014.00000002.2042679624.00007FFDFAEDE000.00000002.00000001.01000000.00000013.sdmp
Source: C:\Users\user\Programs\Adblock\Adblock.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Programs\Adblock\Adblock.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Programs\Adblock\Adblock.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E181C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,0_2_6E181C23
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E190F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_6E190F62
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: 8_2_00007FFDF9F493BC _errno,_invalid_parameter_noinfo,_errno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,_wsopen_s,_fstat64i32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,__wdtoxmode,_errno,GetLastError,_dosmaperr,FindClose,8_2_00007FFDF9F493BC
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe Code function: 12_2_00007FF7FE72AAF0 FindFirstFileExW,12_2_00007FF7FE72AAF0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe Code function: 12_2_00007FF7FE72A270 FindFirstFileExW,abort,12_2_00007FF7FE72A270
Source: global traffic HTTP traffic detected: GET /apps/config?productId=adblockfast&distId=marketator&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06 HTTP/1.1 Host: api.joinmassive.com Accept: */* x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Source: global traffic HTTP traffic detected: GET /dist/match?productId=adblockfast&distId=marketator&downloadDate=2022-12-17T04%3A04%3A11&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06&installerSessionId=9e146be91733702593&pid=741&installType=installPath HTTP/1.1 Host: api.joinmassive.com Accept: */* x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Source: global traffic HTTP traffic detected: POST /telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prod HTTP/1.1 Host: api.joinmassive.com Accept: */* x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof Content-Length: 297 Content-Type: application/x-www-form-urlencoded
Source: global traffic HTTP traffic detected: POST /telemetry?source=app&env=prod HTTP/1.1 Host: api.joinmassive.com Accept: */* Content-Type: application/json x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof Content-Length: 248
Source: global traffic HTTP traffic detected: GET /postback/adblockfast/default?downloadDate=2022-12-17T04%3A04%3A11&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06&pid=741 HTTP/1.1 Host: api.joinmassive.com Accept: */*
Source: global traffic HTTP traffic detected: GET /sdk/config?stage=prod&uid=4c6fdfc9-de78-4899-8dc6-365b9c5db799 HTTP/1.1 x-api-key: 5oydibnqoD6t310DYGMUh7y4e2WWpHvvapKEL4pF Connection: Close Host: api.joinmassive.com
Source: global traffic HTTP traffic detected: POST /telemetry?source=app&env=prod HTTP/1.1 Host: api.joinmassive.com Accept: */* Content-Type: application/json x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof Content-Length: 488
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/list.txt HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: GET /raw HTTP/1.1 Host: myexternalip.com Accept: */*
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/adguard_filtered.conf HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: api.joinmassive.com Accept: */*
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/adservers.conf HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/facebook.conf HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/domains.conf HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: GET /adblockfast/domains/custom.conf HTTP/1.1 Host: cdn.computewall.com Accept: */*
Source: global traffic HTTP traffic detected: POST /telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prod HTTP/1.1 Host: api.joinmassive.com Accept: */* x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof Content-Length: 315 Content-Type: application/x-www-form-urlencoded
Source: Joe Sandbox View IP Address: 9.9.9.9
Source: Joe Sandbox View IP Address: 104.26.3.25
Source: Joe Sandbox View JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown DNS query: name: myexternalip.com
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49737 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49775 -> 34.120.195.249:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49807 -> 34.120.195.249:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49814 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49812 -> 18.165.220.32:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50030 -> 18.165.220.23:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50037 -> 18.165.220.23:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50041 -> 18.165.220.23:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50121 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50122 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50123 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50145 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50147 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50163 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50164 -> 18.165.220.75:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50162 -> 18.165.220.75:443
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: 8_2_00007FFDFB2133A4 InternetOpenUrlA,InternetSetStatusCallbackW,InternetCloseHandle,HttpQueryInfoA,HttpQueryInfoA,HttpQueryInfoA,strstr,InternetQueryOptionA,GetLastError,InternetQueryOptionA,InternetReadFileExW,GetLastError,_CxxThrowException,_invalid_parameter_noinfo_noreturn,_CxxThrowException,CloseHandle,8_2_00007FFDFB2133A4
Source: global traffic HTTP traffic detected: GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1 User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64) Host: downloads.joinmassive.com Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /939/AdblockInstaller.exe HTTP/1.1 User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64) Host: downloads.adblockfast.com Cache-Control: no-cache
Source: global traffic DNS traffic detected: DNS query: api.joinmassive.com
Source: global traffic DNS traffic detected: DNS query: downloads.joinmassive.com
Source: global traffic DNS traffic detected: DNS query: downloads.adblockfast.com
Source: global traffic DNS traffic detected: DNS query: o428832.ingest.sentry.io
Source: global traffic DNS traffic detected: DNS query: cdn.computewall.com
Source: global traffic DNS traffic detected: DNS query: myexternalip.com
Source: unknown HTTP traffic detected: POST /telemetry?source=installer&env=prod HTTP/1.1 Connection: Keep-Alive Content-Type: application/json; Charset=UTF-8 Accept: */* User-Agent: InnoSetup x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof Content-Length: 478 Host: api.joinmassive.com
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Content-Type: application/json Content-Length: 42 Connection: close Date: Mon, 09 Dec 2024 00:03:39 GMT x-amz-apigw-id: Cf0KWEa0oAMECrw= x-amzn-RequestId: 51769d78-619d-444a-9346-0f4ce6434610 x-amzn-ErrorType: MissingAuthenticationTokenException X-Cache: Error from cloudfront Via: 1.1 680370d83a2dca8172426cfc0e48cf92.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: OSVgxxv4zR3bK7OWeJMnZabplk5nJWu2cRDsydGPLY-3D-85p9Ulkg==
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Content-Type: application/json Content-Length: 42 Connection: close Date: Mon, 09 Dec 2024 00:03:47 GMT x-amz-apigw-id: Cf0LpFy-oAMEcIA= x-amzn-RequestId: 3875eaf7-6ea3-487a-b4b8-262a96d23fa2 x-amzn-ErrorType: MissingAuthenticationTokenException X-Cache: Error from cloudfront Via: 1.1 5008327c23740ce2f9d9ed54c8a489e8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: BAH53-P1 X-Amz-Cf-Id: b07_VFL-OncXXBmw8AQOlW4AiJkHzmSrWeG5pUMV0IV7s2IXMKa0VQ==
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp String found in binary or memory: http://24ways.org/2010/calculating-color-contrast
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTr
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://chartjs.org/
Source: Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: svchost.exe, 00000003.00000002.3392508121.000002B659400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://dbaron.org/log/20100309-faster-timeouts
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://dev.w3.org/csswg/css-color/#hwb-to-rgb
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000003.00000003.1750212251.000002B659618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000003.00000003.1750212251.000002B65964D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://es5.github.io/#x15.5.4.20
Source: svchost.exe, 00000003.00000003.1750212251.000002B659691000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199827727.0000020DA455A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://indiegamr.com/generate-repeatable-random-numbers-in-js/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://jsperf.com/string-repeat2/2
Source: Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://jsperf.lnkit.com/fast-apply/5
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/docs/#/displaying/format/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/docs/#/get-set/iso-weekday/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/docs/#/parsing/
Source: Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/docs/#/parsing/string-format/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4207387810.00000215A4EB9000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4207387810.00000215A4EB9000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000003.2031266258.00000215A568B000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045613603.00000215A553B000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045766666.00000215A5541000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045367853.00000215A5537000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4215731117.00000215A5545000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045474693.00000215A5539000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045858202.00000215A5544000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4208194828.00000215A4EF3000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
Source: Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000003.2031266258.00000215A568B000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
Source: Adblock.exe, 00000008.00000003.2045613603.00000215A553B000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045766666.00000215A5541000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045367853.00000215A5537000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4215731117.00000215A5545000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045474693.00000215A5539000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.2045858202.00000215A5544000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/zone/value
Source: Software_Tool.exe, 00000000.00000000.1725149801.0000000000409000.00000002.00000001.01000000.00000003.sdmp, Software_Tool.exe, 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.dig
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D08000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4342000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.00000000025F9000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4189913139.000000000018C000.00000004.00000010.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://paulmillr.com)
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://scaledinnovation.com/analytics/splines/aboutSplines.html
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://stackoverflow.com/a/14853974
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://stackoverflow.com/q/3922139
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: http://stackoverflow.com/questions/8506881/nice-label-algorithm-for-charts-with-minimum-ticks
Source: Adblock.exe, 00000008.00000002.4190900472.000000619CCF7000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle
Source: Adblock.exe, 00000008.00000002.4195530115.0000020DA3FF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#
Source: Adblock.exe, Adblock.exe, 00000008.00000002.4228073198.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp, Adblock.exe, 00000014.00000002.2043417343.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.andymatuschak.org/xml-namespaces/sparkle#dsaSignature
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://chartjs.gitbooks.io/proposals/content/Platform.html
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=575314
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://code.google.com/p/v8/issues/detail?id=3509
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://code.google.com/p/v8/issues/detail?id=4161
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://code.google.com/p/v8/issues/detail?id=687
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://crashpad.chromium.org/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://crashpad.chromium.org/bug/new
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmpString found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1CF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://davidwalsh.name/detect-node-insertion
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Safely_detecting_optio
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/removeEventListener
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/line-height
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/CSS/used_value
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Events
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/imul
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://dl.dropboxusercontent.com/u/34601363/toomuchscience.gif
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://dl.dropboxusercontent.com/u/34601363/yeahscience.gif
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4195530115.0000020DA40C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4195530115.0000020DA40C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/AdblockInstaller.exe
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A83F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/AdblockInstaller.exe%q
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/AdblockInstaller.exe0
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/AdblockInstaller.exe5
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/AdblockInstaller.execom/
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.adblockfast.com/939/ller
Source: Adblock.exe, 00000014.00000003.2037172003.000001C27D776000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000003.2012676421.000001C27D776000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000003.2013091120.000001C27D776000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2039591062.000001C27D776000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.c
Source: Adblock.exe, 00000008.00000002.4197863789.0000020DA4363000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4195530115.0000020DA40AA000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/)
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/P
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/app
Source: Adblock.exe, 00000014.00000003.1988884305.000001C27D768000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA455A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml#
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml813
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml:
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml=Q
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlGuW
Source: Adblock.exe, 00000008.00000002.4195530115.0000020DA4018000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlS-PCUSERDOMAIN_ROAMINGPR
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA455A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmle
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A840E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlen6X
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlj
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmln
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlock
Source: Adblock.exe, 00000014.00000003.2013572347.000001C27F5BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmltemDr7
Source: Adblock.exe, 00000014.00000003.1988884305.000001C27D768000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/prod/ips.txt
Source: Adblock.exe, 00000014.00000003.2012676421.000001C27D776000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000003.2012894054.000001C27D78F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/adblockfast/prod/ips.txtP
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.joinmassive.com/pw)
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://esdiscuss.org/topic/fixing-promise-resolve
Source: svchost.exe, 00000003.00000003.1750212251.000002B6596C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 00000003.00000003.1750212251.000002B65971A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000003.00000003.1750212251.000002B6596C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000003.00000003.1750212251.000002B6596A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1750212251.000002B6596E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000003.00000003.1750212251.000002B6596C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://gist.github.com/WebReflection/4327762cb87a8c634a29
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://gist.github.com/WebReflection/5593554
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://gist.github.com/nnnick/696cc9c55f4b0beb8fe9
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://gist.github.com/paulirish/5d52fb081b3570c81e3a#box-metrics
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/Raynos/observ-hash/issues/2#issuecomment-35857671
Source: Adblock.exe, 00000008.00000002.4199168174.0000020DA452E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/cha
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/blob/master/LICENSE.md
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2210
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2380#issuecomment-279961569
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2440#issuecomment-256461897
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2538
Source: Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/2807
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/3575
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/3781
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/3887
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://github.com/chartjs/Chart.js/issues/4102
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-string.prototype.split
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-toindex
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2822#section-3.3
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://twitter.com/ljharb/status/849335573114363904
Source: Adblock.exe, Adblock.exe, 00000008.00000002.4228306672.00007FFDFB412000.00000002.00000001.01000000.00000012.sdmp, Adblock.exe, 00000014.00000002.2043786208.00007FFDFB412000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://winsparkle.org).
Source: Adblock.exe, 00000008.00000002.4227372538.00007FFDFAE41000.00000002.00000001.01000000.00000013.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2042679624.00007FFDFAE41000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.google-analytics.com
Source: AdblockInstaller.exe, 00000001.00000002.4191319976.0000000000A6E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1733601649.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000003.1738211985.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.0000000002482000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4198604830.0000000003103000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.000000000249E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.google-analytics.com/collect
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.google-analytics.com/collect&vtiduaSuccessutils::registry::RegKey::RegKeyFailed
Source: Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collect.com
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collectOU
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collectlockInstaller.exeb
Source: Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/collectysmain.sdb
Source: Adblock.exe, 00000008.00000002.4227372538.00007FFDFAE41000.00000002.00000001.01000000.00000013.sdmp, Adblock.exe, 00000014.00000002.2042679624.00007FFDFAE41000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.google-analytics.comUA-135690027-7https://api.joinmassive.com/sdk/config5oydibnqoD6t310D
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000000.1736350662.0000000000401000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.innosetup.com/
Source: AdblockInstaller.exe, 00000001.00000002.4191319976.0000000000A6E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1733601649.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000003.1738211985.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4198604830.0000000003103000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.0000000002457000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.000000000249E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.iubenda.com/privacy-policy/216992
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.iubenda.com/privacy-policy/216992Uninstalling#uninstallingContact
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.joinmassive.com/
Source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.joinmassive.com/Powered
Source: AdblockInstaller.exe, 00000001.00000003.1735061345.000000007FB50000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1734667884.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000000.1736350662.0000000000401000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_004050F9 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E17C790 std::ios_base::good,SendMessageW,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,SendMessageW,SendMessageW,SendMessageW,OpenClipboard,EmptyClipboard,CloseClipboard,PostMessageW
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E187081 GetKeyState,GetKeyState,GetKeyState,SendMessageW

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Programs\Adblock\DnsService.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E154C20 _DebugHeapAllocator,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,std::ios_base::good,ExpandEnvironmentStringsW,_DebugHeapAllocator,Concurrency::details::ContextBase::GetWorkQueueIdentity,Concurrency::details::ContextBase::GetWorkQueueIdentity,GetCurrentThreadId,GetThreadDesktop,CreateDesktopW,GetLastError,SetThreadDesktop,GetLastError,CloseDesktop,CreateProcessW,GetLastError,CloseDesktop,CloseHandle,CreateJobObjectW,AssignProcessToJobObject,_DebugHeapAllocator,Sleep,Sleep,_DebugHeapAllocator,SetThreadDesktop,CloseDesktop,TerminateProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle

System Summary

Source: 0.2.Software_Tool.exe.6e150000.3.unpack, type: UNPACKEDPE Matched rule: Detects executables packed with Silent Install Builder Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll, type: DROPPED Matched rule: Detects executables packed with Silent Install Builder Author: ditekSHen
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: 8_2_00007FFDFA5DA670 GetCurrentProcess,NtQueryInformationProcess,CreateEventA,QueueUserWorkItem,SetWinEventHook,GetMessageA,TranslateMessage,DispatchMessageA,GetMessageA
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: 8_2_00007FFDF9F37540: GetCurrentThreadId,CreateFileA,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,DeviceIoControl,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,CloseHandle,GetCurrentThreadId,CloseHandle,GetCurrentThreadId
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,InitOnceBeginInitialize,ExitWindowsEx
Source: C:\Users\user\Programs\Adblock\DnsService.exe File created: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Programs\Adblock\DnsService.exe File deleted: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F0D7E08_2_00007FFDF9F0D7E0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F0E4C08_2_00007FFDF9F0E4C0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9EE57D08_2_00007FFDF9EE57D0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F255708_2_00007FFDF9F25570
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9EDD7308_2_00007FFDF9EDD730
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F0F5908_2_00007FFDF9F0F590
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F276108_2_00007FFDF9F27610
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9ED76608_2_00007FFDF9ED7660
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5D3F208_2_00007FFDFA5D3F20
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5D83008_2_00007FFDFA5D8300
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5D21308_2_00007FFDFA5D2130
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5DA6708_2_00007FFDFA5DA670
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5D7CB08_2_00007FFDFA5D7CB0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA8BB4308_2_00007FFDFA8BB430
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA8862A08_2_00007FFDFA8862A0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA88EC108_2_00007FFDFA88EC10
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA89A9C08_2_00007FFDFA89A9C0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA89FEE08_2_00007FFDFA89FEE0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA8900308_2_00007FFDFA890030
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA8FAE208_2_00007FFDFA8FAE20
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA8A2D908_2_00007FFDFA8A2D90
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2142688_2_00007FFDFB214268
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2154788_2_00007FFDFB215478
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB31CC308_2_00007FFDFB31CC30
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2D0A848_2_00007FFDFB2D0A84
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB21E8B48_2_00007FFDFB21E8B4
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB32E93C8_2_00007FFDFB32E93C
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB3249548_2_00007FFDFB324954
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB33FE888_2_00007FFDFB33FE88
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB20BEF48_2_00007FFDFB20BEF4
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB20CD688_2_00007FFDFB20CD68
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2E2DBC8_2_00007FFDFB2E2DBC
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB31D3F08_2_00007FFDFB31D3F0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB32440C8_2_00007FFDFB32440C
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB3381BC8_2_00007FFDFB3381BC
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB21207C8_2_00007FFDFB21207C
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2B811C8_2_00007FFDFB2B811C
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2947648_2_00007FFDFB294764
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2B87CC8_2_00007FFDFB2B87CC
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB3246888_2_00007FFDFB324688
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB2236E08_2_00007FFDFB2236E0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB3346EC8_2_00007FFDFB3346EC
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB3367108_2_00007FFDFB336710
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB23C6408_2_00007FFDFB23C640
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6F3EA012_2_00007FF7FE6F3EA0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A270C12_2_00007FF7FE6A270C
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A104612_2_00007FF7FE6A1046
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE71E08012_2_00007FF7FE71E080
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A303A12_2_00007FF7FE6A303A
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6F7B1012_2_00007FF7FE6F7B10
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A104612_2_00007FF7FE6A1046
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6ADB3012_2_00007FF7FE6ADB30
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A2B2612_2_00007FF7FE6A2B26
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE70FCE012_2_00007FF7FE70FCE0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6F7B1012_2_00007FF7FE6F7B10
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE72B82012_2_00007FF7FE72B820
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6E76B012_2_00007FF7FE6E76B0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A271612_2_00007FF7FE6A2716
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A104612_2_00007FF7FE6A1046
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A104612_2_00007FF7FE6A1046
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE70057012_2_00007FF7FE700570
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE71E08012_2_00007FF7FE71E080
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE70057012_2_00007FF7FE700570
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE7225C012_2_00007FF7FE7225C0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE7145C012_2_00007FF7FE7145C0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A303A12_2_00007FF7FE6A303A
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6FA3A012_2_00007FF7FE6FA3A0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A1A8F12_2_00007FF7FE6A1A8F
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A104612_2_00007FF7FE6A1046
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A165912_2_00007FF7FE6A1659
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A17F312_2_00007FF7FE6A17F3
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6DE13012_2_00007FF7FE6DE130
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A223912_2_00007FF7FE6A2239
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6B620012_2_00007FF7FE6B6200
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6A15A012_2_00007FF7FE6A15A0
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\PEInjector.dll 9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
Source: AdblockInstaller.tmp.1.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-QNP4V.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-6PM28.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AdblockInstaller.tmp.31.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AdblockInstaller.tmp.34.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AdblockInstaller.tmp.36.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AdblockInstaller.tmp.38.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: AdblockInstaller.tmp.40.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-PPNGI.tmp.2.drStatic PE information: Number of sections : 21 > 10
Source: Software_Tool.exe, 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenameSibuia.dllN vs Software_Tool.exe
Source: Software_Tool.exe, 00000000.00000002.4207491251.0000000010BBE000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenameSibClr.dll. vs Software_Tool.exe
Source: Software_Tool.exe, 00000000.00000002.4191020184.00000000006A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Software_Tool.exe
Source: Software_Tool.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f
Source: 0.2.Software_Tool.exe.6e150000.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_SilentInstallBuilder snort2_sid = 930070-930072, author = ditekSHen, description = Detects executables packed with Silent Install Builder, snort3_sid = 930025
Source: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll, type: DROPPEDMatched rule: INDICATOR_EXE_Packed_SilentInstallBuilder snort2_sid = 930070-930072, author = ditekSHen, description = Detects executables packed with Silent Install Builder, snort3_sid = 930025
Source: Software_Tool.exeStatic PE information: Section: .reloc ZLIB complexity 1.002685546875
Source: classification engineClassification label: mal100.adwa.spyw.evad.mine.winEXE@59/131@21/17
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFA5D8DB0 LocalFree,FormatMessageA,GetLastError,GetLastError,FormatMessageA,strstr,FormatMessageA,LocalFree,8_2_00007FFDFA5D8DB0
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E151870 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,CloseHandle,AdjustTokenPrivileges,CloseHandle,0_2_6E151870
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_004044D1 GetDlgItem,GetDlgItem,IsDlgButtonChecked,GetDlgItem,GetAsyncKeyState,GetDlgItem,ShowWindow,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004044D1
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_004024FB CoCreateInstance,0_2_004024FB
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E1586A0 LoadResource,LockResource,SizeofResource,0_2_6E1586A0
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7956:120:WilError_03
Source: C:\Users\user\Desktop\Software_Tool.exeMutant created: NULL
Source: C:\Users\user\Programs\Adblock\Adblock.exeMutant created: \Sessions\1\BaseNamedObjects\{5DA08AAF-BB68-4A35-B815-0D2018D7C3F3}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7812:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpMutant created: \Sessions\1\BaseNamedObjects\AdblockInstallMutex
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2740:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
Source: C:\Users\user\Desktop\Software_Tool.exeFile created: C:\Users\user\AppData\Local\Temp\nskCC02.tmp
Source: Software_Tool.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Adblock.exe")
Source: C:\Users\user\Programs\Adblock\Adblock.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT NumberOfCores, NumberOfLogicalProcessors, ThreadCount FROM Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "MassiveEngine.exe")
Source: C:\Users\user\Desktop\Software_Tool.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Software_Tool.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: C:\Users\user\Programs\Adblock\DnsService.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Software_Tool.exeReversingLabs: Detection: 55%
Source: Software_Tool.exeVirustotal: Detection: 62%
Source: crashpad_handler.exeString found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\Software_Tool.exeFile read: C:\Users\user\Desktop\Software_Tool.exe
Source: unknownProcess created: C:\Users\user\Desktop\Software_Tool.exe "C:\Users\user\Desktop\Software_Tool.exe"
Source: C:\Users\user\Desktop\Software_Tool.exeProcess created: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp" /SL5="$10472,15557677,792064,C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im Adblock.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess created: C:\Users\user\Programs\Adblock\Adblock.exe "C:\Users\user\Programs\Adblock\Adblock.exe" --installerSessionId=9e146be91733702593 --downloadDate=2022-12-17T04:04:11 --distId=marketator --pid=741
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c "reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb2" --initial-client-data=0x404,0x408,0x40c,0x3d8,0x410,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /c "reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im MassiveEngine.exe
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\Programs\Adblock\Adblock.exe C:\Users\user\Programs\Adblock\Adblock.exe --autorun
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb2" --initial-client-data=0x3b8,0x3ec,0x3f0,0x3c4,0x3f4,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Windows\System32\netsh.exe C:\Windows\system32\netsh.exe firewall add allowedprogram "C:\Users\user\Programs\Adblock\DnsService.exe" AdBlockFast ENABLE
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\Programs\Adblock\DnsService.exe C:\Users\user\Programs\Adblock\DnsService.exe -install
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\Programs\Adblock\DnsService.exe C:\Users\user\Programs\Adblock\DnsService.exe -start
Source: unknownProcess created: C:\Users\user\Programs\Adblock\DnsService.exe C:\Users\user\Programs\Adblock\DnsService.exe
Source: unknownProcess created: C:\Users\user\Programs\Adblock\Adblock.exe C:\Users\user\Programs\Adblock\Adblock.exe --autorun
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb2" --initial-client-data=0x3e0,0x3e4,0x3e8,0x2dc,0x3ec,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp" /SL5="$404FC,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp" /SL5="$C0254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp" /SL5="$140254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp" /SL5="$904E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess created: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp "C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp" /SL5="$1104E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: massiveservice.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winsparkle.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mininggpu.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: sysgpuinfoex.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: atiadlxx.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: atiadlxy.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: nvml.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: perfproc.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: slc.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: apphelp.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: powrprof.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: version.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: winhttp.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: umpdc.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: massiveservice.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dbghelp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: version.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winhttp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winsparkle.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: urlmon.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mininggpu.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: pdh.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: urlmon.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wininet.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msimg32.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: iertutil.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: srvcli.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: netutils.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: powrprof.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: umpdc.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mswsock.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: sysgpuinfoex.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dxgi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: atiadlxx.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: atiadlxy.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wldp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: nvml.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: winnsi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: amsi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: userenv.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: profapi.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: webio.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: sspicli.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: schannel.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: msasn1.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Programs\Adblock\Adblock.exeSection loaded: gpapi.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: powrprof.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: version.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: winhttp.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: umpdc.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\System32\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exeSection loaded: onex.dll
Source: C:\Windows\System32\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\System32\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\System32\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\System32\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exeSection loaded: slc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\System32\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\System32\netsh.exeSection loaded: msasn1.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: apphelp.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: spcdns.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: msvcp140.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: vcruntime140.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: vcruntime140_1.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Programs\Adblock\DnsService.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\Software_Tool.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: Adblock.lnk.2.drLNK file: ..\..\..\..\..\Users\user\Programs\Adblock\Adblock.exe
Source: Adblock Fast.lnk.8.drLNK file: ..\..\..\..\..\..\..\..\..\Windows\system32\schtasks.exe
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1Jump to behavior
Source: Software_Tool.exeStatic file information: File size 16489120 > 1048576
Source: Software_Tool.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\Adblock.pdb source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibClr\obj\Release\SibClr.pdb source: Software_Tool.exe, Software_Tool.exe, 00000000.00000002.4207414263.0000000010BB2000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: ads.pdbarea.com. source: DnsService.exe, 00000019.00000002.4196929870.00000286451B4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vladimir\dev\massivesdk\cmake-build-vs16-x64-embedded\bin\RelWithDebInfo\mining_gpu.pdb source: Adblock.exe, 00000008.00000002.4226547453.00007FFDFA919000.00000002.00000001.01000000.00000014.sdmp, Adblock.exe, 00000014.00000002.2041589891.00007FFDFA919000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\DnsService.pdb source: DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: R:\massivesdk_master\core\mining\gpu\external\SysGpuInfoEx\x64\RelDLL\SysGpuInfoEx.pdbKK source: Adblock.exe, 00000008.00000002.4226257353.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp, Adblock.exe, 00000014.00000002.2041058267.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: R:\massivesdk_master\core\mining\gpu\external\SysGpuInfoEx\x64\RelDLL\SysGpuInfoEx.pdb source: Adblock.exe, 00000008.00000002.4226257353.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp, Adblock.exe, 00000014.00000002.2041058267.00007FFDFA5DD000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb} source: Software_Tool.exe, 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy -Zi -O2 -Ob1 -MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: D:\a\massiveclients\massiveclients\windows\cmake-build-msvc16-Win64\bin\RelWithDebInfo\SPCDNS.pdb source: DnsService.exe, 00000017.00000002.2039955699.00007FFE1A4F5000.00000002.00000001.01000000.00000020.sdmp, DnsService.exe, 00000018.00000002.2042859956.00007FFE1A4F5000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: C:\Projects\_massive\winsparkle-fork\x64\Release\WinSparkle.pdb source: Adblock.exe, 00000008.00000002.4228073198.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp, Adblock.exe, 00000014.00000002.2043417343.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Release\Sibuia.pdb source: Software_Tool.exe, 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: C:\.conan\5199c1\1\build_subfolder\bin\crashpad_handler.pdb source: AdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: crypto\stack\stack.ccompiler: cl /Zi /Fdossl_static.pdb /MD /Zl /Gs0 /GF /Gy -Zi -O2 -Ob1 -MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMcrypto\ex_data.c source: AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4225456688.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000000.1893958535.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000002.2040285372.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000014.00000000.1958533791.00007FF7042FB000.00000002.00000001.01000000.00000011.sdmp, DnsService.exe, 00000017.00000000.2037630978.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000017.00000002.2039654618.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000000.2040391361.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000018.00000002.2042455789.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp, DnsService.exe, 00000019.00000000.2041047663.00007FF61AB4A000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: C:\Users\vladimir\dev\massivesdk\cmake-build-vs16-x64-embedded\bin\RelWithDebInfo\MassiveEmbedded.pdb source: Adblock.exe, 00000008.00000002.4227372538.00007FFDFAEDE000.00000002.00000001.01000000.00000013.sdmp, Adblock.exe, 00000014.00000002.2042679624.00007FFDFAEDE000.00000002.00000001.01000000.00000013.sdmp

Data Obfuscation

Source: SibClr.dll.0.dr, CaProxy.cs.Net Code: RunCaFunction
Source: SibClr.dll.0.dr, CaProxy.cs.Net Code: TestCondition
Source: SibClr.dll.0.drStatic PE information: 0xBD323864 [Sat Aug 2 06:04:20 2070 UTC]
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
Source: AdblockInstaller.exe.0.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.1.drStatic PE information: section name: .didata
Source: is-4S8D7.tmp.2.drStatic PE information: section name: CPADinfo
Source: is-SCJGQ.tmp.2.drStatic PE information: section name: .00cfg
Source: is-SCJGQ.tmp.2.drStatic PE information: section name: CPADinfo
Source: is-IIBD1.tmp.2.drStatic PE information: section name: .nv_fatb
Source: is-IIBD1.tmp.2.drStatic PE information: section name: .nvFatBi
Source: is-QOB6D.tmp.2.drStatic PE information: section name: _SHA3_25
Source: is-QNP4V.tmp.2.drStatic PE information: section name: .didata
Source: is-P4D6E.tmp.2.drStatic PE information: section name: .nv_fatb
Source: is-P4D6E.tmp.2.drStatic PE information: section name: .nvFatBi
Source: is-PPNGI.tmp.2.drStatic PE information: section name: .xdata
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /4
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /19
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /35
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /51
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /63
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /77
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /89
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /102
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /113
Source: is-PPNGI.tmp.2.drStatic PE information: section name: /124
Source: is-6PM28.tmp.2.drStatic PE information: section name: .didata
Source: is-L9G10.tmp.2.drStatic PE information: section name: .00cfg
Source: is-L9G10.tmp.2.drStatic PE information: section name: CPADinfo
Source: AdblockInstaller.exe.8.drStatic PE information: section name: .didata
Source: AdblockInstaller.exe0.8.drStatic PE information: section name: .didata
Source: AdblockInstaller.exe1.8.drStatic PE information: section name: .didata
Source: AdblockInstaller.exe2.8.drStatic PE information: section name: .didata
Source: AdblockInstaller.exe3.8.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.31.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.34.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.36.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.38.drStatic PE information: section name: .didata
Source: AdblockInstaller.tmp.40.drStatic PE information: section name: .didata
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E18FB04 push ecx; ret 0_2_6E18FB16
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E18F9A8 push ecx; ret 0_2_6E18F9BB
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E17D534 push esi; iretd 0_2_6E17D549
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpCode function: 2_2_6CB0670A push ecx; ret 2_2_6CB0671D
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00000215A5950F55 pushad ; iretd 8_2_00000215A5950F56
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00000215A5953EC7 pushad ; iretd 8_2_00000215A5953ED0
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00000215A59519C3 pushad ; iretd 8_2_00000215A59519CC
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exeCode function: 12_2_00007FF7FE6F90C1 push rcx; ret 12_2_00007FF7FE6F90C2

Persistence and Installation Behavior

Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-1T87C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-SCJGQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-29DHH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-JLEGQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-F42KK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\DnsService.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-72D60.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-PPNGI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\nvrtc64_100_0.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\Software_Tool.exeFile created: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-L9G10.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\crashpad_handler.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-B0RRR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\nvrtc-builtins64_100.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\MassiveEngine.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\nvml.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-7LV2F.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-2DJ13.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\nheqminer.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-HFHLD.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-QOB6D.tmpJump to dropped file
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\packetcrypt.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-4S8D7.tmpJump to dropped file
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-VF008.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\WinSparkle.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\XMRCLBridgeNV.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\Adblock.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-6PM28.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-IIBD1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\MiningGpu.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\Desktop\Software_Tool.exeFile created: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-P4D6E.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\kawBridge.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\SysGpuInfoEx.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-LNP37.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\is-QNP4V.tmpJump to dropped file
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\XMRCLBridge.dll (copy)Jump to dropped file
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\MassiveService.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\Programs\Adblock\SPCDNS.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\Software_Tool.exeFile created: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\SibClr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #001.txtJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #002.txt
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #003.txt
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #004.txt
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #005.txt
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpFile created: C:\Users\user\AppData\Local\Temp\Setup Log 2024-12-08 #006.txt

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adblock Fast.lnkJump to behavior
Source: C:\Users\user\Programs\Adblock\DnsService.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e3b92eaa-f5c7-47f8-a487-f466f42035a1}
Source: C:\Users\user\Desktop\Software_Tool.exeCode function: 0_2_6E1884C1 IsIconic,0_2_6E1884C1
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDFB29EF4C IsIconic,8_2_00007FFDFB29EF4C
Source: C:\Users\user\Programs\Adblock\Adblock.exeCode function: 8_2_00007FFDF9F397F0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,8_2_00007FFDF9F397F0
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\Software_Tool.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Programs\Adblock\Adblock.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Programs\Adblock\Adblock.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Programs\Adblock\Adblock.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT BatteryStatus, EstimatedChargeRemaining FROM Win32_Battery
Source: C:\Users\user\Desktop\Software_Tool.exeMemory allocated: E7E0000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4C30000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 20DA4AD0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4D30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4D50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4D70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4F20000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A4FA0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5000000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5020000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5040000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5060000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A50E0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5140000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5160000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5190000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A51B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A51D0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5230000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5250000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5270000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5290000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A52B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A52D0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A52F0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5310000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5330000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5350000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5370000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5390000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A53B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A53D0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A53F0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5410000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5430000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5450000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5470000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A54B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5510000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5570000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5610000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5870000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5890000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A58B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A58D0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A58F0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5910000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5930000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5970000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5990000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A59B0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A59D0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A59F0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5A10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5A30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5A50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5A70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5A90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5AB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5AD0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5AF0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5B10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5B30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5B50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5B70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5B90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5BB0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5BD0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5BF0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5C10000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5C30000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5C50000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5C70000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A5C90000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A80F0000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A8920000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A8950000 memory commit | memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A9A10000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeMemory allocated: 215A8100000 memory reserve | memory write watchJump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 709Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1468Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1341Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1372Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1175Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1376Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: threadDelayed 1420Jump to behavior
Source: C:\Users\user\Programs\Adblock\Adblock.exeWindow / User API: foregroundWindowGot 1982Jump to behavior
Source: C:\Users\user\Programs\Adblock\DnsService.exeWindow / User API: threadDelayed 9718
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-1T87C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-29DHH.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-JLEGQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-F42KK.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-PPNGI.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\nvrtc64_100_0.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-VF008.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\XMRCLBridgeNV.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-B0RRR.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\nvrtc-builtins64_100.dll (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\MassiveEngine.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-IIBD1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\PEInjector.dllJump to dropped file
Source: C:\Users\user\Desktop\Software_Tool.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\PEInjector.dll
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\PEInjector.dll
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-P4D6E.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\kawBridge.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-7LV2F.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-LNP37.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\nheqminer.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-2DJ13.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-HFHLD.tmp
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\PEInjector.dll
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\is-QOB6D.tmp
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\XMRCLBridge.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\Programs\Adblock\packetcrypt.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\Desktop\Software_Tool.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\SibClr.dll
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\Desktop\Software_Tool.exe; Evaded block: after key decision graph_0-56934
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; API coverage: 5.9 %
Source: C:\Users\user\Programs\Adblock\Adblock.exe; API coverage: 4.1 %
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe; API coverage: 3.9 %
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp TID: 7632; Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp TID: 7632; Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7556; Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7564; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 709 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep time: -70900s >= -30000s
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 42 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 47 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 173 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 105 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 84 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1468 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 90 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 35 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1341 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1372 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1175 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1376 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 1420 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 7980; Thread sleep count: 299 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 6736; Thread sleep count: 42 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 6640; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Programs\Adblock\DnsService.exe TID: 2364; Thread sleep count: 9718 > 30
Source: C:\Users\user\Programs\Adblock\Adblock.exe TID: 8120; Thread sleep count: 46 > 30
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp TID: 1712; Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp TID: 3748; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp TID: 4128; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp TID: 5904; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp TID: 940; Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp TID: 1396; Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp TID: 3320; Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp TID: 3320; Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe; File opened: PhysicalDrive0
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000807
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Key opened: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\00000407
Source: C:\Users\user\Programs\Adblock\Adblock.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT NumberOfCores, NumberOfLogicalProcessors, ThreadCount FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_00406301 FindFirstFileW,FindClose,0_2_00406301
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00406CC7
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E181C23 __EH_prolog3_GS,GetFullPathNameW,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,0_2_6E181C23
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E190F62 GetFileAttributesW,GetLastError,GetLastError,SetFileAttributesW,GetLastError,GetTempPathW,GetLastError,FindFirstFileW,GetLastError,SetFileAttributesW,DeleteFileW,GetTempFileNameW,MoveFileExW,MoveFileExW,MoveFileExW,FindNextFileW,GetLastError,GetLastError,GetLastError,GetLastError,RemoveDirectoryW,GetLastError,MoveFileExW,GetLastError,FindClose,0_2_6E190F62
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDF9F493BC _errno,_invalid_parameter_noinfo,_errno,_getdrive,FindFirstFileExW,_errno,_errno,_errno,_errno,_errno,IsRootUNCName,GetDriveTypeW,free,free,_errno,_wsopen_s,_fstat64i32,_close,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FileTimeToSystemTime,SystemTimeToTzSpecificLocalTime,FindClose,__wdtoxmode,_errno,GetLastError,_dosmaperr,FindClose,8_2_00007FFDF9F493BC
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe; Code function: 12_2_00007FF7FE72AAF0 FindFirstFileExW,12_2_00007FF7FE72AAF0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe; Code function: 12_2_00007FF7FE72A270 FindFirstFileExW,abort,12_2_00007FF7FE72A270
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFA5DA4A0 GetSystemInfo,8_2_00007FFDFA5DA4A0
Source: Adblock.exe, 0000001C.00000002.2186119574.0000024B1A7F8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW..
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: DnsService.exe, 00000019.00000003.2212057590.000002864470F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: vmwareinc.demdex.net.
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C0A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: DnsService.exe, 00000019.00000003.2212057590.000002864470F000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: vmwareinc.demdex.net.C
Source: Adblock.exe, 00000008.00000003.1955012844.0000020DA3CAB000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1952686845.0000020DA3CAB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: ersist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V HypeP
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: &Hyper-V Hypervisor
Source: AdblockInstaller.tmp, 00000002.00000003.1787865439.0000000008734000.00000004.00000020.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000003.2521431057.000000000873A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3391646315.000002B653E41000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.3392690583.000002B659454000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1CAC000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2039408780.000001C27D6A8000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 0000001C.00000002.2186119574.0000024B1A7F8000.00000004.00000020.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000023.00000003.3178183836.0000000000A72000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: Adblock.exe, 00000014.00000002.2039408780.000001C27D6A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW'
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BE0000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: &Hyper-V Hypervisor
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V VM Vid Partition
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VHyper-V Dynamic Memory Integration Service&
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root Partition
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: sWDHyper-V Hypervisor Root PartitionFvW
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: DHyper-V Virtual Machine Bus Pipes[vJ
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Logical Processor.sys
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V VM Vid PartitionaWU
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: DHyper-V Hypervisor Root Partitionc
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Virtual Machine Bus Pipesl
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Logical Processor.mui
Source: svchost.exe, 00000003.00000002.3391586617.000002B653E2B000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWP$
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root PartitionlM
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V asydhrvspwageoo Bus Pipes
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1CAC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW`l
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4193414793.0000020DA1D0C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor
Source: Adblock.exe, 00000008.00000002.4193414793.0000020DA1D7A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 2Hyper-V VM Vid Partition
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C1D000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root Virtual Processorl
Source: AdblockInstaller.tmp, 00000002.00000003.2522337210.0000000008700000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW@
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V asydhrvspwageoo Bus
Source: Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Virtual Machine Bus PipesG
Source: Adblock.exe, 00000008.00000003.1967869958.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1968179657.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000003.1967154622.0000020DA3C6C000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4194631920.0000020DA3C2C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: X2Hyper-V VM Vid Partitionr
Source: C:\Users\user\Desktop\Software_Tool.exe; API call chain: ExitProcess graph end node graph_0-54782
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E19054E IsDebuggerPresent,OutputDebugStringW,0_2_6E19054E
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E18041D OutputDebugStringA,GetLastError,0_2_6E18041D
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_00406328 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00406328
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E1A2571 mov eax, dword ptr fs:[00000030h] 0_2_6E1A2571
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E1A80A7 mov eax, dword ptr fs:[00000030h] 0_2_6E1A80A7
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E1A80EB mov eax, dword ptr fs:[00000030h] 0_2_6E1A80EB
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Code function: 2_2_6CB0CDFC mov eax, dword ptr fs:[00000030h] 2_2_6CB0CDFC
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Code function: 2_2_6CB163E3 mov eax, dword ptr fs:[00000030h] 2_2_6CB163E3
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E19061C GetProcessHeap,HeapFree,GetLastError,0_2_6E19061C
Source: C:\Windows\SysWOW64\taskkill.exe; Process token adjusted: Debug
Source: C:\Users\user\Desktop\Software_Tool.exe; Process created: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E1902E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E1902E9
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E18FB78 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6E18FB78
Source: C:\Users\user\Desktop\Software_Tool.exe; Code function: 0_2_6E1952CE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6E1952CE
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Code function: 2_2_6CB0A0F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6CB0A0F3
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Code function: 2_2_6CB06822 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6CB06822
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp; Code function: 2_2_6CB06AFE IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6CB06AFE
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDF9F4A938 SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFDF9F4A938
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFA5DBAF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFDFA5DBAF8
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFA5DB77C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFDFA5DB77C
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFA900974 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFDFA900974
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFB311EE8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00007FFDFB311EE8
Source: C:\Users\user\Programs\Adblock\Adblock.exe; Code function: 8_2_00007FFDFB31EEEC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00007FFDFB31EEEC
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe; Code function: 12_2_00007FF7FE6A2EF0 __scrt_fastfail,IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00007FF7FE6A2EF0
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe; Code function: 12_2_00007FF7FE6AE870 SetUnhandledExceptionFilter,12_2_00007FF7FE6AE870
Source: C:\Users\user\Desktop\Software_Tool.exe; Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Programs\Adblock\DnsService.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im Adblock.exe
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Process created: C:\Windows\SysWOW64\taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im MassiveEngine.exe
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb2" --initial-client-data=0x404,0x408,0x40c,0x3d8,0x410,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe "C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\reg.exe reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb2" --initial-client-data=0x3b8,0x3ec,0x3f0,0x3c4,0x3f4,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb2" --initial-client-data=0x3e0,0x3e4,0x3e8,0x2dc,0x3ec,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe c:\users\user\programs\adblock\crashpad_handler.exe --no-rate-limit "--database=c:\users\user\appdata\roaming\adblock fast\crashdumps" "--metrics-dir=c:\users\user\appdata\roaming\adblock fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-event" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb1" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb2" --initial-client-data=0x404,0x408,0x40c,0x3d8,0x410,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe c:\users\user\programs\adblock\crashpad_handler.exe --no-rate-limit "--database=c:\users\user\appdata\roaming\adblock fast\crashdumps" "--metrics-dir=c:\users\user\appdata\roaming\adblock fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-event" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb1" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb2" --initial-client-data=0x3b8,0x3ec,0x3f0,0x3c4,0x3f4,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Users\user\Programs\Adblock\crashpad_handler.exe c:\users\user\programs\adblock\crashpad_handler.exe --no-rate-limit "--database=c:\users\user\appdata\roaming\adblock fast\crashdumps" "--metrics-dir=c:\users\user\appdata\roaming\adblock fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-event" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb1" "--attachment=c:\users\user\appdata\roaming\adblock fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb2" --initial-client-data=0x3e0,0x3e4,0x3e8,0x2dc,0x3ec,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Source: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp "c:\users\user\appdata\local\temp\is-l7l2v.tmp\adblockinstaller.tmp" /sl5="$140254,13644040,792064,c:\users\user\appdata\local\temp\update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\adblockinstaller.exe" /sp- /verysilent /noicons /suppressmsgboxes /update
Source: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe Process created: C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp "c:\users\user\appdata\local\temp\is-ml4ic.tmp\adblockinstaller.tmp" /sl5="$1104e6,13644040,792064,c:\users\user\appdata\local\temp\update-74140fec-9303-423c-852a-3018c27d3dc1\adblockinstaller.exe" /sp- /verysilent /noicons /suppressmsgboxes /update
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: 8_2_00007FFDF9F38CA0 AllocateAndInitializeSid,CheckTokenMembership,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,FreeSid,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetLastError,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,GetCurrentThreadId,8_2_00007FFDF9F38CA0
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E19010D cpuid 0_2_6E19010D
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,2_2_6CB19DB7
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: EnumSystemLocalesW,2_2_6CB0E6E2
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_6CB19EDD
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,2_2_6CB19FE3
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,2_2_6CB19751
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_6CB1A0B2
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: EnumSystemLocalesW,2_2_6CB199F3
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,2_2_6CB1994C
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: EnumSystemLocalesW,2_2_6CB19AD9
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: EnumSystemLocalesW,2_2_6CB19A3E
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,2_2_6CB0EBA7
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_6CB19B64
Source: C:\Users\user\Programs\Adblock\Adblock.exe Code function: GetLocaleInfoW,8_2_00007FFDFB338CAC
Source: C:\Users\user\Desktop\Software_Tool.exe Queries volume information: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\SibClr.dll VolumeInformation
Source: C:\Users\user\Desktop\Software_Tool.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Queries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\Programs\Adblock\crashpad_handler.exe VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run.lock VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\metadata VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\reports VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\settings.dat VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\user-consent VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\session.json VolumeInformation
Source: C:\Windows\System32\netsh.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run.lock VolumeInformation
Source: C:\Users\user\Programs\Adblock\Adblock.exe Queries volume information: C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\session.json VolumeInformation
Source: C:\Users\user\Programs\Adblock\crashpad_handler.exe Code function: 12_2_00007FF7FE706950 GetVersion,CreateNamedPipeW,12_2_00007FF7FE706950
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E1A4FB1 GetSystemTimeAsFileTime,0_2_6E1A4FB1
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E1A7DBD _free,GetTimeZoneInformation,_free,0_2_6E1A7DBD
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_00406831 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406831
Source: C:\Users\user\Desktop\Software_Tool.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Programs\Adblock\DnsService.exe File written: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Programs\Adblock\Adblock.exe Process created: C:\Windows\System32\netsh.exe C:\Windows\system32\netsh.exe firewall add allowedprogram "C:\Users\user\Programs\Adblock\DnsService.exe" AdBlockFast ENABLE

Stealing of Sensitive Information

Source: C:\Users\user\Programs\Adblock\DnsService.exe Registry value created: 127.0.0.1
Source: C:\Users\user\Programs\Adblock\DnsService.exe Registry value created:
Source: C:\Users\user\Programs\Adblock\DnsService.exe Registry value created: 1.1.1.1
Source: C:\Users\user\Programs\Adblock\DnsService.exe Registry value created: 127.0.0.1
Source: C:\Users\user\Desktop\Software_Tool.exe Code function: 0_2_6E1594C0 LoadLibraryW,GetLastError,GetProcAddress,GetLastError,FreeLibrary,CorBindToRuntimeEx,FreeLibrary,FreeLibrary,FreeLibrary,0_2_6E1594C0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 311 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 File and Directory Permissions Modification | 21 Input Capture | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 2 Native API | 1 Create Account | 1 Access Token Manipulation | 221 Disable or Modify Tools | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 21 Input Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 112 Command and Scripting Interpreter | 11 Windows Service | 11 Windows Service | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 57 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 12 Process Injection | 2 Obfuscated Files or Information | NTDS | 11 Query Registry | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 2 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 11 Software Packing | LSA Secrets | 451 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Registry Run Keys / Startup Folder | 1 Timestomp | Cached Domain Credentials | 24 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 File Deletion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Masquerading | /etc/passwd and /etc/shadow | 2 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Modify Registry | Network Sniffing | 1 Remote System Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 24 Virtualization/Sandbox Evasion | Input Capture | 1 System Network Configuration Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Access Token Manipulation | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 12 Process Injection | GUI Input Capture | Permission Groups Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service

[Behavior graph: ID 1571118; Sample: Software_Tool.exe; Startdate: 09/12/2024; Architecture: WINDOWS; Score: 100]
     started        75 AdblockInstaller.tmp 62->75         started        signatures21 process22 file23 93 2 other files (1 malicious) 66->93 dropped 77 C:\Users\user\AppData\...\PEInjector.dll, PE32 69->77 dropped 79 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 69->79 dropped 81 C:\Users\user\AppData\...\PEInjector.dll, PE32 71->81 dropped 83 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 71->83 dropped 85 C:\Users\user\AppData\...\PEInjector.dll, PE32 73->85 dropped 87 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 73->87 dropped 89 C:\Users\user\AppData\...\PEInjector.dll, PE32 75->89 dropped 91 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 75->91 dropped

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Software_Tool.exe | 55% | ReversingLabs | Win32.PUA.BundlerX | |
| Software_Tool.exe | 63% | Virustotal | | Browse |
| Software_Tool.exe | 100% | Avira | TR/Dldr.Upatre.hsuux | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe | 8% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-3FQ48.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-AGAPS.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-ICQDA.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp | 2% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\PEInjector.dll | 12% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-S0UDM.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll | 29% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe | 38% | ReversingLabs | Win32.Coinminer.BitCoinMiner | |
| C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\SibClr.dll | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\Adblock.exe (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\DnsService.exe (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\MassiveEngine.exe (copy) | 25% | ReversingLabs | Win64.Coinminer.Generic | |
| C:\Users\user\Programs\Adblock\MassiveService.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\MiningGpu.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\SPCDNS.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\SysGpuInfoEx.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\WinSparkle.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\XMRCLBridge.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\XMRCLBridgeNV.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\crashpad_handler.exe (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-1T87C.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-29DHH.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-2DJ13.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-4S8D7.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-6PM28.tmp | 2% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-72D60.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-7LV2F.tmp | 8% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-B0RRR.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-F42KK.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-HFHLD.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-IIBD1.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-JLEGQ.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-L9G10.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-LNP37.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-P4D6E.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-PPNGI.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-QNP4V.tmp | 2% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-QOB6D.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-SCJGQ.tmp | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\is-VF008.tmp | 25% | ReversingLabs | Win64.Coinminer.Generic | |
| C:\Users\user\Programs\Adblock\kawBridge.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\nheqminer.dll (copy) | 8% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\nvml.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\nvrtc-builtins64_100.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\nvrtc64_100_0.dll (copy) | 0% | ReversingLabs | | |
| C:\Users\user\Programs\Adblock\packetcrypt.dll (copy) | 0% | ReversingLabs | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| cdn.computewall.com | 2% | Virustotal | | Browse |
| downloads.adblockfast.com | 0% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://downloads.adblockfast.com/ | 0% | Avira URL Cloud | safe | |
| http://www.andymatuschak.org/xml-namespaces/sparkle#os | 0% | Avira URL Cloud | safe | |
| https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | 0% | Avira URL Cloud | safe | |
| http://www.appinf.com/features/enable-partial-readsO | 0% | Avira URL Cloud | safe | |
| https://downloads.joinmassive.c | 0% | Avira URL Cloud | safe | |
| http://dbaron.org/log/20100309-faster-timeouts | 0% | Avira URL Cloud | safe | |
| http://www.ecma-international.org/ecma-262/6.0/#sec-call | 0% | Avira URL Cloud | safe | |
| http://xml.org/sax/features/external-general-entitiesdllG | 0% | Avira URL Cloud | safe | |
| https://bugs.ecmascript.org/show_bug.cgi?id=2416 | 0% | Avira URL Cloud | safe | |
| https://crashpad.chromium.org/ | 0% | Avira URL Cloud | safe | |
| http://xml.org/sax/features/string-interningy | 0% | Avira URL Cloud | safe | |
| http://docs.closure-library.googlecode.com/git/closure_goog_date_date.js.source.html | 0% | Avira URL Cloud | safe | |
| http://indiegamr.com/generate-repeatable-random-numbers-in-js/ | 0% | Avira URL Cloud | safe | |
| https://private-api.joinmassive.com$ | 0% | Avira URL Cloud | safe | |
| http://www.ecma-international.org/ecma-262/6.0/#sec-typeof-operator-runtime-semantics-evaluation | 0% | Avira URL Cloud | safe | |
| http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.a | 0% | Avira URL Cloud | safe | |
| http://www.ecma-international.org/ecma-262/6.0/#sec-terms-and-definitions-number-type | 0% | Avira URL Cloud | safe | |
| https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume | 0% | Avira URL Cloud | safe | |
| https://crashpad.chromium.org/bug/new | 0% | Avira URL Cloud | safe | |
| https://cdn.computewall.com/adblockfast/domains/adguard_filtered.conf | 0% | Avira URL Cloud | safe | |
| http://xml.org/sax/features/external-parameter-entitiess | 0% | Avira URL Cloud | safe | |
| http://www.andymatuschak.org/xml-namespaces/sparkle#os | 0% | Virustotal | | Browse |
| https://bugs.ecmascript.org/show_bug.cgi?id=2465 | 0% | Avira URL Cloud | safe | |
| https://www.joinmassive.com/Powered | 0% | Avira URL Cloud | safe | |
| https://private-api.joinmassive.com | 0% | Avira URL Cloud | safe | |
| http://paulmillr.com) | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| o428832.ingest.sentry.io | 34.120.195.249 | true | false | | high |
| cdn.computewall.com | 104.26.2.25 | true | false | | unknown |
| myexternalip.com | 34.160.111.145 | true | false | | high |
| downloads.joinmassive.com | 18.66.161.113 | true | false | | high |
| api.joinmassive.com | 18.165.220.32 | true | false | | high |
| downloads.adblockfast.com | 172.67.74.54 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://api.joinmassive.com/telemetry?source=installer&env=prod | false | | high |
| https://api.joinmassive.com/telemetry?source=app&env=prod | false | | high |
| https://api.joinmassive.com/dist/match?productId=adblockfast&distId=marketator&downloadDate=2022-12-17T04%3A04%3A11&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06&installerSessionId=9e146be91733702593&pid=741&installType=installPath | false | | high |
| https://api.joinmassive.com/ | false | | high |
| https://api.joinmassive.com/telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prod | false | | high |
| https://cdn.computewall.com/adblockfast/domains/adguard_filtered.conf | false | Avira URL Cloud: safe | unknown |
| https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml | false | | high |

                                                                                      unknown
                                                                                      http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sSoftware_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                        high
                                                                                        https://github.com/chartjs/Chart.js/issues/2435#issuecomment-216718158AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                          high
                                                                                          https://adblockfast.com/pfAdblockInstaller.exe, 00000001.00000002.4191319976.0000000000AC6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://stackoverflow.com/q/181348AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                              high
                                                                                              http://www.ecma-international.org/ecma-262/6.0/#sec-typeof-operator-runtime-semantics-evaluationAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://tc39.github.io/ecma262/#sec-getsubstitutionAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                high
                                                                                                https://downloads.joinmassive.com/pw)Adblock.exe, 00000008.00000002.4222253873.00000215A82E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.andymatuschak.org/xml-namespaces/sparkle#releaseNotesLinktitledescriptionlinkhttp://www.aAdblock.exe, 00000008.00000002.4228073198.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmp, Adblock.exe, 00000014.00000002.2043417343.00007FFDFB34C000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  unknown
                                                                                                  https://github.com/chartjs/Chart.js/issues/4737AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                    high
                                                                                                    https://github.com/kkapsner/CanvasBlockerAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                      high
                                                                                                      https://api.joinmassive.com/telemetry/ping?source=app&productIdAdblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://xml.org/sax/features/string-interningYAdblock.exe, 00000008.00000002.4193414793.0000020DA1CAC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          http://www.robertpenner.com/easing/AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                            high
                                                                                                            https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlGuWAdblock.exe, 00000008.00000002.4194631920.0000020DA3BEB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://github.com/chartjs/Chart.js/issues/3887AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                high
                                                                                                                https://code.google.com/p/v8/issues/detail?id=4161AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.ecma-international.org/ecma-262/6.0/#sec-terms-and-definitions-number-typeAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresumeAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://github.com/marcj/css-element-queriesAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                    high
                                                                                                                    http://momentjs.com/guides/#/warnings/min-max/Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                      high
                                                                                                                      https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xmlockAdblock.exe, 00000008.00000002.4222253873.00000215A8437000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://momentjs.comAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4216334054.00000215A5590000.00000004.00000800.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                          high
                                                                                                                          https://api.joinmassive.com/telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prAdblock.exe, 00000008.00000002.4195530115.0000020DA4018000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000008.00000002.4199827727.0000020DA45F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://code.google.com/p/chromium/issues/detail?id=575314AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/paulmillr/es6-shim/issues/252AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/Raynos/observ-hash/issues/2#issuecomment-35857671AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://tc39.github.io/ecma262/#sec-string.prototype.splitAdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://ocsp.sectigo.com0Software_Tool.exe, 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://adblockfast.com//licenseAdblockInstaller.exe, 00000001.00000002.4191319976.0000000000A6E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1733601649.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000003.1738211985.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.0000000002448000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4198604830.0000000003103000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.000000000249E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://downloads.joinmassive.com/adblockfast/prod/ips.txtAdblock.exe, 00000014.00000003.1988884305.000001C27D768000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://adblockfast.com/pfTAdblockInstaller.tmp, 00000002.00000002.4195151175.0000000002546000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/paulmillr/es6-shim/issues/314#issuecomment-70293986AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://gist.github.com/WebReflection/5593554AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://crashpad.chromium.org/bug/newAdblockInstaller.tmp, 00000002.00000002.4201826285.00000000042BD000.00000004.00001000.00020000.00000000.sdmp, crashpad_handler.exe, crashpad_handler.exe, 0000000C.00000000.1895420601.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmp, crashpad_handler.exe, 00000015.00000002.2045010864.00007FF7FE73F000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://github.com/chartjs/Chart.js/issues/4102AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://code.google.com/p/v8/issues/detail?id=687AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4197863789.0000020DA4387000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/chartjs/Chart.js/issues/2380#issuecomment-279961569AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://joinmassive.com/termsAdblockInstaller.exe, 00000001.00000002.4191319976.0000000000A6E000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.exe, 00000001.00000003.1733601649.0000000002510000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000003.1738211985.0000000002F00000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.0000000002448000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4198604830.0000000003103000.00000004.00001000.00020000.00000000.sdmp, AdblockInstaller.tmp, 00000002.00000002.4195151175.000000000249E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/chartjs/Chart.js/issues/2440#issuecomment-256461897AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://api.joinmassive.com/telemetry?source=app&env=prodindows/appcaAdblock.exe, 00000014.00000003.2012676421.000001C27D776000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000003.2012894054.000001C27D78F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://xml.org/sax/features/external-parameter-entitiessAdblock.exe, 00000014.00000002.2039408780.000001C27D6A8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://bugs.ecmascript.org/show_bug.cgi?id=2465AdblockInstaller.tmp, 00000002.00000002.4201826285.0000000003CB0000.00000004.00001000.00020000.00000000.sdmp, Adblock.exe, 00000008.00000000.1894074841.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmp, Adblock.exe, 00000008.00000002.4199168174.0000020DA446A000.00000004.00000020.00020000.00000000.sdmp, Adblock.exe, 00000014.00000002.2040514988.00007FF7043FE000.00000002.00000001.01000000.00000011.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                Analysis ID:1571118
                                                                                                                                                                Start date and time:2024-12-09 01:02:11 +01:00
                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 13m 46s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                Number of analysed new started processes analysed:42
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Sample name:Software_Tool.exe
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal100.adwa.spyw.evad.mine.winEXE@59/131@21/17
                                                                                                                                                                EGA Information:
                                                                                                                                                                • Successful, ratio: 80%
                                                                                                                                                                HCA Information:Failed
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, schtasks.exe
                                                                                                                                                                • Excluded IPs from analysis (whitelisted): 23.218.208.109, 142.250.181.46
                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
                                                                                                                                                                • Execution Graph export aborted for target Adblock.exe, PID 4928 because there are no executed function
                                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:03:32 | Task Scheduler | Run new task: Adblock Fast path: C:\Users\user\Programs\Adblock\Adblock.exe s>--autorun
00:03:39 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adblock Fast.lnk
19:03:12 | API Interceptor | 3x Sleep call for process: svchost.exe modified
19:03:15 | API Interceptor | 29x Sleep call for process: AdblockInstaller.tmp modified
19:03:40 | API Interceptor | 7257439x Sleep call for process: Adblock.exe modified
                                                                                                                                                                                                                    • 34.160.111.145
                                                                                                                                                                                                                    fuol91mv.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 34.160.111.145
                                                                                                                                                                                                                    fuol91mv.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 34.160.111.145
                                                                                                                                                                                                                    SecuriteInfo.com.Win64.Evo-gen.28044.10443.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 34.160.111.145
                                                                                                                                                                                                                    downloads.joinmassive.comSEO_Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.164.68.14
                                                                                                                                                                                                                    run_206fc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 13.224.103.24
                                                                                                                                                                                                                    VSiqfvLPjE.exeGet hashmaliciousNymaimBrowse
                                                                                                                                                                                                                    • 18.66.192.123
                                                                                                                                                                                                                    VSiqfvLPjE.exeGet hashmaliciousNymaimBrowse
                                                                                                                                                                                                                    • 18.66.192.123
                                                                                                                                                                                                                    B6gXqbOxy7.exeGet hashmaliciousNymaimBrowse
                                                                                                                                                                                                                    • 99.86.159.106
                                                                                                                                                                                                                    B6gXqbOxy7.exeGet hashmaliciousNymaim, RedLine, SmokeLoader, VidarBrowse
                                                                                                                                                                                                                    • 99.86.159.2
                                                                                                                                                                                                                    OriginalBuild.exe.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.66.192.123
                                                                                                                                                                                                                    forodelguardcivil_264k_vBavw.sql.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 108.138.199.122
                                                                                                                                                                                                                    cdn.computewall.comfile.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.68.80
                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 172.67.68.80
                                                                                                                                                                                                                    file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousManusCrypt, SmokeLoader, Socelars, lgoogLoaderBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousManusCrypt, SmokeLoader, Socelars, lgoogLoaderBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousErbium Stealer, ManusCrypt, SmokeLoader, Socelars, lgoogLoaderBrowse
                                                                                                                                                                                                                    • 104.26.3.25
                                                                                                                                                                                                                    file.exeGet hashmaliciousManusCrypt, SmokeLoader, Socelars, lgoogLoaderBrowse
                                                                                                                                                                                                                    • 104.26.2.25
                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    MIT-GATEWAYSUSsora.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.150.27.18
                                                                                                                                                                                                                    sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.212.189.251
                                                                                                                                                                                                                    sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.174.18.14
                                                                                                                                                                                                                    meerkat.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.125.60.66
                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                    • 18.66.161.4
                                                                                                                                                                                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.96.78.179
                                                                                                                                                                                                                    akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.103.8.220
                                                                                                                                                                                                                    jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.66.149.255
                                                                                                                                                                                                                    arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.147.190.251
                                                                                                                                                                                                                    jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.236.86.235
                                                                                                                                                                                                                    QUAD9-AS-1USKameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 149.112.112.112
                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, VidarBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Clipboard Hijacker, LummaC StealerBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    Zoom.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    pdfguruhub.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    ACHAT DE 2 IMMEUBLES.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    allpdfpro.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    rPO3799039985.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                                    • 149.112.112.112
                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC StealerBrowse
                                                                                                                                                                                                                    • 9.9.9.9
                                                                                                                                                                                                                    MIT-GATEWAYSUSsora.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.150.27.18
                                                                                                                                                                                                                    sora.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.212.189.251
                                                                                                                                                                                                                    sora.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.174.18.14
                                                                                                                                                                                                                    meerkat.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                    • 19.125.60.66
                                                                                                                                                                                                                    file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                    • 18.66.161.4
                                                                                                                                                                                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.96.78.179
                                                                                                                                                                                                                    akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.103.8.220
                                                                                                                                                                                                                    jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 18.66.149.255
                                                                                                                                                                                                                    arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.147.190.251
                                                                                                                                                                                                                    jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    • 19.236.86.235
                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                    6271f898ce5be7dd52b0fc260d0662b3file.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                    • 18.66.161.113
                                                                                                                                                                                                                    • 172.67.74.54
                                                                                                                                                                                                                    https://u48644047.ct.sendgrid.net/ls/click?upn=u001.3irT40U-2BlTtWVjPO1bgMkUPMRV7HMaBj-2FcZe3i1L5jDR7G1Ks0wP9YDqpnyIpxjZeIBaCeYZtGJgliwzSaJhwg-3D-3Dg90K_vPQ7onHR3f0o8KfOdBDFScd6URBvV6dRJTvL1FnCMOJp3bqQS0z8XYrmZvQsYKgv9M18uyN4otj9SHTsh0jVVVuVPoownVxKSao-2Fy-2F5zkA0ggrGoSd-2BVIld1mpIeS3DUcNNIvsq7yFDKM7DHebzUtokLUwZtE0mCsLz1Bm0-2B1LrSQGv4FTM1s6ckzg8R6Atlvbv-2BxwILwC6PQXifnpXLjP04W47PCxVuKYY5jyS-2FXWc-3DGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                    • 18.66.161.113
                                                                                                                                                                                                                    • 172.67.74.54
                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\is-3AK7D.tmp\PEInjector.dll | iX7ahNVKav.exe | malicious | Unknown |
| | BJeLg1HKR4.exe | malicious | Unknown |
| | php_thetitle_.exe | malicious | Unknown |
| | run_206fc.exe | malicious | Unknown |
| | Windows_10_Pro_Anniversary_Update_PT-BR_3265_Bits.exe | malicious | Unknown |
| | run_206fc.exe | malicious | Unknown |
| | Windows_10_Pro_Anniversary_Update_PT-BR_3265_Bits.exe | malicious | Unknown |
| | 54zEUp34e1.exe | malicious | Unknown |
| | 54zEUp34e1.exe | malicious | Unknown |
| | VSiqfvLPjE.exe | malicious | Nymaim |
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):8192
                                                                                                                                                                                                                                        Entropy (8bit):0.363788168458258
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
                                                                                                                                                                                                                                        MD5:0E72F896C84F1457C62C0E20338FAC0D
                                                                                                                                                                                                                                        SHA1:9C071CC3D15E5BD8BF603391AE447202BD9F8537
                                                                                                                                                                                                                                        SHA-256:686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
                                                                                                                                                                                                                                        SHA-512:AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                                                                                        Entropy (8bit):1.3107345101410446
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrx:KooCEYhgYEL0In
                                                                                                                                                                                                                                        MD5:5F41EBEE350A98C5A04F5028C441C808
                                                                                                                                                                                                                                        SHA1:53BA030D5F5F9200FEA6EDE9AFE3C3349A021B7D
                                                                                                                                                                                                                                        SHA-256:926109F945CD273B14B782A01BE5A03A0D202E213D60253E2EA34783CDE93E34
                                                                                                                                                                                                                                        SHA-512:799BBBD9F442F73AFBC2D5A56B6DF876EF420D6D96375D91173406C96CBDFE010E593BE453620D98A737B3D4B41A7C2F2A7466E2F7941BB0F5993AAA6DC2CE56
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x56f9aecc, page size 16384, Windows version 10.0
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                                                                                        Entropy (8bit):0.42207957218103537
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:3SB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:3azag03A2UrzJDO
                                                                                                                                                                                                                                        MD5:68A99E6D688A92662A94B0915391E09A
                                                                                                                                                                                                                                        SHA1:D15CCAEADB5B592E8DCC60E69255375444CA507D
                                                                                                                                                                                                                                        SHA-256:A076F3B5E5D983CFFD8B3B22A3A60F4C9D5D4D41585956FFEA4AB0B85AEB4A8A
                                                                                                                                                                                                                                        SHA-512:28F4FAD8E3CC660AE532120A9C049DFB6CF1F419B052EE7BF829682877B2865635C26D65CC42C544EFB8106804E7AE10CE45D8BF0487B4355587A49F61E4EA0A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                        Entropy (8bit):0.073532775397993
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:i2mEetYeeSspZOnLpZMtzZh2b7tH6AtallOE/tlnl+/rTc:i2mdzLnLpZMFZY/TIpMP
                                                                                                                                                                                                                                        MD5:96D54772258594C8759EEB472A452BDC
                                                                                                                                                                                                                                        SHA1:F2C6EC58F7A89202C05F97376CF9FA2E098A8671
                                                                                                                                                                                                                                        SHA-256:E351A23209096BE20749ADDA54542004F979813FCB44342470C40DFB9CBB508C
                                                                                                                                                                                                                                        SHA-512:C1B197D940780C2EBD16E8D81217993257A8D1CC8381A65192CCD06C27CE1EBDD8FC9F6A646600DBD821C4ECB38902F54160AD6C8AA1B01810F06024954FD816
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Dec 8 23:03:22 2024, mtime=Sun Dec 8 23:03:22 2024, atime=Fri Sep 9 23:09:30 2022, length=5698400, window=hide
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1060
                                                                                                                                                                                                                                        Entropy (8bit):4.903452971560968
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:8mv23aimpge3WGqnBIR96A2/rSAZoAyEvqyFm:8mv23yH3VRT7AZoA0yF
                                                                                                                                                                                                                                        MD5:DCF89020A4E13215F8035C5B4390DB75
                                                                                                                                                                                                                                        SHA1:A8CBDCA3FBB036800FD88191A8AE8DA3A4342174
                                                                                                                                                                                                                                        SHA-256:1E6E97E17CFEF544537D9D70EC6290FD795BEFA14AE4316418FBFA7366CBCDF9
                                                                                                                                                                                                                                        SHA-512:DB0334F9ED7C39F2C14202013B58DF9F4F136B36C3A0E806A44F10E2E6D2D7D8A4E8DB15DB77C70B904D992BE276885488AF7B598D94349AB0A16E254F6337ED
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):49120
                                                                                                                                                                                                                                        Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:Ztt:T
                                                                                                                                                                                                                                        MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                                        SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                                        SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                                        SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):172064
                                                                                                                                                                                                                                        Entropy (8bit):6.474449197018235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:2zC+qmtn5wkex8r6Qym7KCkygAKuXylCC9ptSUXl8j/6afWUemhASD/JwXI:2825wklN7T3QtSUXzqefSTyXI
                                                                                                                                                                                                                                        MD5:D08840599E05DB7345652D3D417574A9
                                                                                                                                                                                                                                        SHA1:5F16F4D6DBB4A4F12D8AE96488AC209BB49762A5
                                                                                                                                                                                                                                        SHA-256:F205CC511821EA56078A105557FCEA6253129404D411C997E1866FBD006ABB68
                                                                                                                                                                                                                                        SHA-512:1610097AC5709EDBE56A05E6B337769DCB338BB4417693717B5A5E157E824E25E0AF4EDA1C297F35553DF05754D9785136FA230AB1CAFABFC44DA63C7547715B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14790
                                                                                                                                                                                                                                        Entropy (8bit):3.7328014531578635
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:/6V/SvlzRfQN3bz20/dyC9GXIAF2GuyRXsC9:zpK3bqAV0IAu6d
                                                                                                                                                                                                                                        MD5:2694271F1D41F85FF071B8E528979BDC
                                                                                                                                                                                                                                        SHA1:D82E952D006F6D765DB02EE1CC8C93EA0F4C6FEC
                                                                                                                                                                                                                                        SHA-256:15F216268C58DF39D83BC7601191659C7B8B42DF6AE3E15A6AEB9C45D6F20C51
                                                                                                                                                                                                                                        SHA-512:73490945A02587B8EABA1E6DBD8C7DB378398D5C985F41BF3C872F84FF4C722938536914C5F5C68BC1306B6836B3DC4B0E449C5E4CB92495AB6FB5531986854D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<svg width="159" height="156" viewBox="0 0 159 156" fill="none" xmlns="http://www.w3.org/2000/svg">..<path fill-rule="evenodd" clip-rule="evenodd" d="M151.399 62.0299C155.041 61.052 157.244 60.7968 158.408 60.8606C158.747 60.9031 158.895 61.3283 158.577 61.4346C158.497 61.5095 158.426 61.5751 158.363 61.6332L158.232 61.7541C158.047 61.9254 157.946 62.0186 157.848 62.1152C157.731 62.2304 157.619 62.3503 157.373 62.613L157.372 62.6135L157.372 62.6141L157.372 62.6144L157.371 62.615C157.123 62.88 156.739 63.2901 156.079 63.9858C156.056 64.0201 156.046 64.036 156.031 64.0433C156.018 64.0496 156.002 64.0496 155.973 64.0496C153.496 65.389 151.082 66.3882 146.296 67.6425C142.76 68.5567 137.721 70.1087 135.095 71.1292C130.543 72.8725 130.331 73.0638 130.289 74.5095C130.246 75.3599 130.162 77.5071 130.416 79.1654C130.246 85.4796 129.061 91.9 127.875 94.1323C127.197 95.3654 126.583 97.1938 126.456 98.2142C126.329 99.2347 125.99 99.8725 125.503 100.595C125.347 100.82 125.114 101.352 124.866 101.91
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):9899
                                                                                                                                                                                                                                        Entropy (8bit):4.5668699558875865
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:O4nOYM4ln1eiC1Qfu6OArrRGjzLcyczRQ78:sydYUyEK4
                                                                                                                                                                                                                                        MD5:387AB3DB21F51CD49C119AA9502BC999
                                                                                                                                                                                                                                        SHA1:A0D8D38A6411EB49EFF257FA02ECBA3A06B477A7
                                                                                                                                                                                                                                        SHA-256:2B9D2DA24FB2280720ED7A4628764623C4D0BB23C35F631A5D34D48294281FA1
                                                                                                                                                                                                                                        SHA-512:46E1969D4A892ABED27D86541F4B9BDF70A0534759644B26897243F7384374D42BCFC4164E4B408408C42E308DECA3B10206C260BA0D2977C14B45973A798E55
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.<!DOCTYPE html>..<html>.. <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <style>.. @font-face {.. font-family: Roboto;.. font-weight: 300;.. src: url("UIFONT/Roboto-Light.ttf") format("truetype");.. }.... @font-face {.. font-family: Roboto;.. font-weight: normal;.. src: url("UIFONT/Roboto-Regular.ttf") format("truetype");.. }.... @font-face {.. font-family: Roboto;.. font-weight: bold;.. src: url("UIFONT/Roboto-Medium.ttf") format("truetype");.. }.... * {.. cursor: default;.. -webkit-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.. outline: none;.. }.... body,.. button,.. select {.. font-family: Roboto, sans-serif;.. }.... body,.. h1,.. select {.. fon
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2930
                                                                                                                                                                                                                                        Entropy (8bit):5.299551273679684
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:PNZgqNU6aZXThfmRk4K6V2Rn/rOimiLW3KLtWB9ky3tT+36/F9P:PNOqN1aZXlR/r6KWSjqE69t
                                                                                                                                                                                                                                        MD5:99205792246A09E51BCD2934935D0B2E
                                                                                                                                                                                                                                        SHA1:F23DCFE972D08C32AD9538AC78B8A98DCD010B77
                                                                                                                                                                                                                                        SHA-256:968A0A76CA748B214C0F1E3E044D11832B7482E2098FF0A9AEC95ED2C5C64BDA
                                                                                                                                                                                                                                        SHA-512:A8598ED4B0AF71E4747BB9043998F940FEC33BBC533126B15FFADC0166880119AB15F6C9D7B7C218B33975682BB3BD8938B998198D9A161654D45ADF28578FBA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:'use strict';....window.chartColors = {...red: 'rgb(255, 99, 132)',...orange: 'rgb(255, 159, 64)',...yellow: 'rgb(255, 205, 86)',...green: 'rgb(75, 192, 192)',...blue: 'rgb(54, 162, 235)',...purple: 'rgb(153, 102, 255)',...grey: 'rgb(201, 203, 207)'..};....(function(global) {...var Months = [....'January',....'February',....'March',....'April',....'May',....'June',....'July',....'August',....'September',....'October',....'November',....'December'...];.....var COLORS = [....'#4dc9f6',....'#f67019',....'#f53794',....'#537bc4',....'#acc236',....'#166a8f',....'#00a950',....'#58595b',....'#8549ba'...];.....var Samples = global.Samples || (global.Samples = {});...var Color = global.Color;.....Samples.utils = {....// Adapted from http://indiegamr.com/generate-repeatable-random-numbers-in-js/....srand: function(seed) {.....this._seed = seed;....},......rand: function(min, max) {.....var seed = this._seed;.....min = min === undefined ? 0 : min;.....max = max === undefined ? 1 : max;.....this._s
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto LightRegularVersion 2.137; 2017Roboto-Ligh
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):170420
                                                                                                                                                                                                                                        Entropy (8bit):6.484124799440601
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:T/hzuXlLgbEmk0/Dv6QKwRr4T2EUtxq2FquPtQ17uNOIOU7og2FnI:hIqXpSIE6Ey/Q1cWUMxFnI
                                                                                                                                                                                                                                        MD5:FC84E998BC29B297EA20321E4C90B6ED
                                                                                                                                                                                                                                        SHA1:73A2BB2D6E591A90FFB4ED118A3989FB17B54C7B
                                                                                                                                                                                                                                        SHA-256:A6D343D425BC38DB90152FA06058B1C7391ECA9264F334EF65C1CE175085C6F6
                                                                                                                                                                                                                                        SHA-512:B4CA0BD4D54CE7C896F7BBE931B45347CA7BF6DA10EC1A4DAC9479E5A98573DB531FE96CEDC7A4B67371CC600A587FD508FA4ACDB08233AEBEA89D8EF7AE9769
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1189
                                                                                                                                                                                                                                        Entropy (8bit):4.129781953740453
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:t41h/ZHK3qAQbLxjmNkApS7TyjexQAXm8AxNyAXIGtPFwz8:CRbltnSCmL5B88
                                                                                                                                                                                                                                        MD5:A2B97B0870E7E89B4BBE0A2508361F1E
                                                                                                                                                                                                                                        SHA1:A7C0517787357960280C778AA7D066B244883A63
                                                                                                                                                                                                                                        SHA-256:9AB5EF7D1F94CB9933A6803C4E044A57DFC84605242C5291199F6BDA5D74DC88
                                                                                                                                                                                                                                        SHA-512:B60AA42117C75FDFCFDCEB93D59156E1AD8F1DA8C5D0721DB921E629182499B5F8F740FE6B42B0B267B72969BFA06ECD353319BF52AB434E2CC04D932573563E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M444.788 291.1l42.616 24.599c4.867 2.809 7.126 8.618 5.459 13.985-11.07 35.642-29.97 67.842-54.689 94.586a12.016 12.016 0 0 1-14.832 2.254l-42.584-24.595a191.577 191.577 0 0 1-60.759 35.13v49.182a12.01 12.01 0 0 1-9.377 11.718c-34.956 7.85-72.499 8.256-109.219.007-5.49-1.233-9.403-6.096-9.403-11.723v-49.184a191.555 191.555 0 0 1-60.759-35.13l-42.584 24.595a12.016 12.016 0 0 1-14.832-2.254c-24.718-26.744-43.619-58.944-54.689-94.586-1.667-5.366.592-11.175 5.459-13.985L67.212 291.1a193.48 193.48 0 0 1 0-70.199l-42.616-24.599c-4.867-2.809-7.126-8.618-5.459-13.985 11.07-35.642 29.97-67.842 54.689-94.586a12.016 12.016 0 0 1 14.832-2.254l42.584 24.595a191.577 191.577 0 0 1 60.759-35.13V25.759a12.01 12.01 0 0 1 9.377-11.718c34.956-7.85 72.499-8.256 109.219-.007 5.49 1.233 9.403 6.096 9.403 11.723v49.184a191.555 191.555 0 0 1 60.759 35.13l42.584-24.595a12.016 12.016 0 0 1 14.832 2.254c24.718 26.744 43.619 58.944 54.689 94.58
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):143529
                                                                                                                                                                                                                                        Entropy (8bit):4.825646339539953
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:igMNgEPDhPIOvHsuANj1cgVFcHcpjoB2XQKOe33JhIxCOLIjD40JqxRC37Wp2aYm:SdspjkeUxlO9Y2aM+F5
                                                                                                                                                                                                                                        MD5:6B235DC32C85B5D4406D075111450555
                                                                                                                                                                                                                                        SHA1:8C7480B41069FE0947F7B38F2A61C0598B2D915D
                                                                                                                                                                                                                                        SHA-256:338293073234BE522D24946CA23AF75E1AA1C3ED60773454E8BAF0C036FBFF39
                                                                                                                                                                                                                                        SHA-512:0C51266848FE09FBCEBCE9F3F3DAE75920C9E2B42B40164C2CD662A05B497ADFABEEE744D68AE5BB2D697B75EA87A03B8A0246B273FFE7B49E5561ACCC77710E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:/*!.. * https://github.com/paulmillr/es6-shim.. * @license es6-shim Copyright 2013-2016 by Paul Miller (http://paulmillr.com).. * and contributors, MIT License.. * es6-shim: v0.35.4.. * see https://github.com/paulmillr/es6-shim/blob/0.35.3/LICENSE.. * Details and documentation:.. * https://github.com/paulmillr/es6-shim/.. */....// UMD (Universal Module Definition)..// see https://github.com/umdjs/umd/blob/master/returnExports.js..(function (root, factory) {.. /*global define, module, exports */.. if (typeof define === 'function' && define.amd) {.. // AMD. Register as an anonymous module... define(factory);.. } else if (typeof exports === 'object') {.. // Node. Does not work with strict CommonJS, but.. // only CommonJS-like environments that support module.exports,.. // like Node... module.exports = factory();.. } else {.. // Browser globals (root is window).. root.returnExports = factory();.. }..}(this, function () {.. 'use strict';.... var _apply = Fu
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (867), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):554291
                                                                                                                                                                                                                                        Entropy (8bit):5.212601153857884
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:FNgaSM03j+0S5xS8fXTA1Y+cEKbvWqtpZszJjdawO4n:FNg/M03+WfqQn
                                                                                                                                                                                                                                        MD5:B77A65D8A00D8473C37BDA145A0B6616
                                                                                                                                                                                                                                        SHA1:F355EE744D8B973AD35E9E0EE29723608B705187
                                                                                                                                                                                                                                        SHA-256:E5D2FB5368E1358B5F755CFC2A48A5DE02D50CE37CD6A45B623E73B0B718EB1C
                                                                                                                                                                                                                                        SHA-512:D38404578E8B8B850E818BB741F70A0CAA39231A96BCAC52667202645B8567630FCAB652D23A83D8A65ED01A859C3DD1428E1419F5396889F18B3CAE7E9F88C3
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:/*!.. * Chart.js.. * http://chartjs.org/.. * Version: 2.7.2.. *.. * Copyright 2018 Chart.js Contributors.. * Released under the MIT license.. * https://github.com/chartjs/Chart.js/blob/master/LICENSE.md.. */..(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.Chart = f()}})(function(){var define,module,exports;return (function(){function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.le
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):171676
                                                                                                                                                                                                                                        Entropy (8bit):6.461076726743102
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Jyz4u0oy2goL/sAQRuzzlPrvRwhRFUzMWlYfxJVBxV+aYT3qPXZ10uNOIOU7og2i:JahOmCeu+bqPp1hWUMxFnI
                                                                                                                                                                                                                                        MD5:3E1AF3EF546B9E6ECEF9F3BA197BF7D2
                                                                                                                                                                                                                                        SHA1:DD1B1DB13FF1F72138C134C62F38FEF83749F36A
                                                                                                                                                                                                                                        SHA-256:79E851404657DAC2106B3D22AD256D47824A9A5765458EDB72C9102A45816D95
                                                                                                                                                                                                                                        SHA-512:81A9260AA3597C02C40AB4642C565D7584D99DDCB8A59ADDC92C15BA93F96F05F2C94DC77C2D5C11C1805F593D84E5E9C62373ECC6CA43A76D15C05C1B1D116E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):13848
                                                                                                                                                                                                                                        Entropy (8bit):4.170851780555675
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:kN9rdBnZRplI2+BxHe/ceM4/gKoq2brvW/3mcZbi36s:kN5nZRpSV3He/ceyKoq2brvW/3mcliqs
                                                                                                                                                                                                                                        MD5:E942F53ED2CDFCEE5546FEC81E0167FB
                                                                                                                                                                                                                                        SHA1:4A2E1B88F946718DFEF0AE502AC3589B17BDAD9A
                                                                                                                                                                                                                                        SHA-256:6A6691006A27F0349FD45C96A27570319550C7202BA3F1AD4956AD08866D5EE5
                                                                                                                                                                                                                                        SHA-512:1250EBF4B85417472639BA340285F34E3DEA080BD8C90F9CA8AA230971F611E1099267454EBAE53FA7ECF956F146C4B830405C504333FDA8AB6FAC97DE5522FE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8"?>..<svg width="116px" height="26px" viewBox="0 0 116 26" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">.. <title>massive-badge</title>.. <defs>.. <linearGradient x1="19.1764363%" y1="53.1848308%" x2="77.3246923%" y2="50%" id="linearGradient-1">.. <stop stop-color="#FF9964" offset="28.8159321%"></stop>.. <stop stop-color="#FF6E63" offset="100%"></stop>.. </linearGradient>.. </defs>.. <g id="Symbols" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">.. <g id="Group-3">.. <path d="M28.5161129,0 L116,0 L116,0 L116,26 L0,26 L15.6241061,6.24126607 C18.7412339,2.29924857 23.4905793,9.23175545e-16 28.5161129,0 Z" id="Rectangle" fill="#FFFFFF" fill-rule="nonzero"></path>.. <path d="M20.2542139,20.1978368 L27.1783045,12.8408421 C28.1898212,11.7660839 29.8810811,11.7148166 30.9558393,12.7263333 C30.9864749,12.7551662 31.016425
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:PNG image data, 480 x 84, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6354
                                                                                                                                                                                                                                        Entropy (8bit):7.81418573076565
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:b+gz4zQnVp8TktKAzQ1RDXp6T4PATHxSyHycTBjLvaHlHJWCaN9k5tNY2tg:b+q4zQVpBdz+dXp61tlvuYCK9g23
                                                                                                                                                                                                                                        MD5:96E74E5D25566DBBD6744CA2A83C6873
                                                                                                                                                                                                                                        SHA1:124AC749B40C24C84BB2F8AE6A02530BFC69458B
                                                                                                                                                                                                                                        SHA-256:FAA33DABB3130FC5969B85753ABB4D69AAB21C542AB455214B4147514EF41584
                                                                                                                                                                                                                                        SHA-512:8B5F70C8B11CB96F4D72BB7073FB7756A985ED80B664624B6F02BF9310AAB030A88D25AA26F706059AA791BC893382309EA2AFC7F597472D1924915812573780
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (1429), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):237358
                                                                                                                                                                                                                                        Entropy (8bit):5.335210569551396
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:bK/QLxsOLxa7NVg5MWXR1dHbpszhuZI23:mklLxa7fY
                                                                                                                                                                                                                                        MD5:B4CB27E792E811B65834799E00907CC7
                                                                                                                                                                                                                                        SHA1:213E2407F3D9DB52A5395B40A42150156ADEDE97
                                                                                                                                                                                                                                        SHA-256:BF6E2C80613F712E214E8D3849080D21A8A3B3DAE7D35AD63CE11760CFD3765B
                                                                                                                                                                                                                                        SHA-512:D21BC622C03601C01CD15F38B5F4F473F5CBE96F54BFFF4F926DE81AA75E1DE8C79FE0039EA92A1ED5A980C069C1EB2732A843CFA27CE321FF5F974ADF33F084
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:(function(){function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s}return e})()({1:[function(_dereq_,module,exports){..(function (global){.."use strict";...._dereq_(2);...._dereq_(3);...._dereq_(9);...._dereq_(8);...._dereq_(10);...._dereq_(5);...._dereq_(6);...._dereq_(4);...._dereq_(7);...._dereq_(279);...._dereq_(280);....if (global._babelPolyfill && typeof console !== "undefined" && console.warn) {.. console.warn("@babel/polyfill is loaded more than once on this page. This is probably not desirable/intended " + "and may have consequences if different versions of the polyfills are applied sequentially. "
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):10587
                                                                                                                                                                                                                                        Entropy (8bit):5.117928654442203
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:2Tp6OHYy91UKKuSKWiGiEixiTi7iiLinii2YxPJFg0EXC+a7RMEmOa:Ip6sRLK8WiGiEixiTi7iiLinii2APo0S
                                                                                                                                                                                                                                        MD5:11778B3B941063DD6E65653E63883938
                                                                                                                                                                                                                                        SHA1:DCB7C6628FF7F64A2E1FF46497F02438257F0881
                                                                                                                                                                                                                                        SHA-256:B07226CE9E6359D395F5F2B5FA56508433049E84BAC4D701145276D8F0E8794D
                                                                                                                                                                                                                                        SHA-512:7D0EC02C282A58B67498E26454DD462C3232D4E562021036595CB8169FBADE2BEFB47B747B34AA352D9DCFED3639B5CB96FB77D3121956755D118D67E9617D01
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:function enableButtons(level) {.. var BUTTONS = document.getElementById(level).getElementsByTagName("button");.. var BUTTON_COUNT = BUTTONS.length;.... for (var i = 0; i < BUTTON_COUNT; i++) {.. var button = BUTTONS[i];.. if (button.disabled) button.disabled = false;.. }..}....function enableTopLevelButtons() {.. enableButtons("top-level");..}....function enableSecondLevelButtons() {.. enableButtons("second-level");..}....function removeChildren(element) {.. for (var firstChild = element.firstChild; firstChild; firstChild = element.firstChild).. element.removeChild(firstChild);..}....function addChartScaleOption(label, value) {.. var option = document.createElement("option");.. option.text = label;.. option.value = value;.. for (var i = 0; i < comboChartScale.length; ++i) {.. if (comboChartScale[i].label == label && comboChartScale[i].value == value) {.. return;.. }.. }.. comboChartScale.add(option);..}....function addChart(configuration) {.. currentCo
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (515), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):17730
                                                                                                                                                                                                                                        Entropy (8bit):5.166753502379502
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:384:qSh6aREruriYzuPtCdYmbujSup1z926db:FhzuPtCdYmyjSun926db
                                                                                                                                                                                                                                        MD5:757E9A0F5B5A1D41AAB94874D0891385
                                                                                                                                                                                                                                        SHA1:7ACB25A8120BD7941DC93B361DD2C170C5318EBE
                                                                                                                                                                                                                                        SHA-256:A4115D8B334BBDB61224A2A876486D79D392A7BAA9C973DCB9E7F327C2055822
                                                                                                                                                                                                                                        SHA-512:0E88E88B701030F02C4418832BAC57FC2D3DE3DB442EB07D1CE881A95473E7C745287E5DFF9A1164EE926ECAC82BA27AABEC8845C09D052E98C758AD26AAA280
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:03:10.809 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:03:10.809 Setup version: Inno Setup version 6.2.1..2024-12-08 19:03:10.809 Original Setup EXE: C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe..2024-12-08 19:03:10.809 Setup command line: /SL5="$10472,15557677,792064,C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741..2024-12-08 19:03:10.809 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:03:10.809 64-bit Windows: Yes..2024-12-08 19:03:10.809 Processor architecture: x64..2024-12-08 19:03:10.809 User privileges: Administrative..2024-12-08 19:03:10.902 Administrative install mode: Yes..2024-12-08 19:03:10.902 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:03:10.902 64-bit install mode: Yes..2024-12-08 19:03:10.934 Created temporary directory: C:\Users\user\AppData\Local\Temp\is-4OLNI.tmp..2024-12-08 19:03:10.949 -- DLL function import --..2024-12-08 19:03:10.949
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5351
                                                                                                                                                                                                                                        Entropy (8bit):5.277855975280043
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:VzYafQLg1WPvYx2RqKB2RquD2Rq402RqO2RqV2RqLkjRXarZrLZX2aOQZr3K:W6CEEAIh4fK5VWvK4dadhXJDjK
                                                                                                                                                                                                                                        MD5:4AAB23B2C4A8EDF3FFB44F5A3D20D193
                                                                                                                                                                                                                                        SHA1:AFF2D3B163DD0F5AAF8C32BF628BF6EAF3307900
                                                                                                                                                                                                                                        SHA-256:5EC7E025DBF63E8ABB461AB6E33817EC6500B192155681B4809F7B4E8EC8F5AE
                                                                                                                                                                                                                                        SHA-512:BC885756FFEBDEAB6603A9AA46B7D7674D604B1386534F73B7466AD1558CBFB12E46986CFD3BA0CAC829A8245D6E25C01FD3D972A6D6583705DAB1FBC16D07EB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:03:59.782 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:03:59.782 Setup version: Inno Setup version 6.2.2..2024-12-08 19:03:59.782 Original Setup EXE: C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe..2024-12-08 19:03:59.782 Setup command line: /SL5="$404FC,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE..2024-12-08 19:03:59.782 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:03:59.782 64-bit Windows: Yes..2024-12-08 19:03:59.782 Processor architecture: x64..2024-12-08 19:03:59.782 User privileges: Administrative..2024-12-08 19:03:59.844 Administrative install mode: Yes..2024-12-08 19:03:59.844 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:03:59.844 64-bit install mode: Yes..2024-12-08 19:03:59.844 Created temporary directory: C:\Users\user\AppData
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5406
                                                                                                                                                                                                                                        Entropy (8bit):5.272823591740475
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:7tY7rKLXrrSbyMmzX6zR/5ezR/3MzR/xjzR/wzR/lzR/7OMtR9U6srG+fPrLsrZL:e7rKLXrrQL4OnyFIvvOHzfUtFfjIdL
                                                                                                                                                                                                                                        MD5:161D6F75FC186B4733A089DEDD56492B
                                                                                                                                                                                                                                        SHA1:5AD5AE9D34E5785277B894E66F6ECA7DB0782319
                                                                                                                                                                                                                                        SHA-256:2AA5AF87BB08344CA3E2D12CD7C675FB94735239EDACF009971C04C1E2D2B848
                                                                                                                                                                                                                                        SHA-512:6E46E610676BC39FF38C6A6162BEAB3D0B2E7052345CD05F54157AA0195BEAAA5F033DFC91C5E2F19E54A1A26EACFE56C200CD4352BBE94A94351796CCAA8E2B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:05:30.833 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:05:30.833 Setup version: Inno Setup version 6.2.2..2024-12-08 19:05:30.833 Original Setup EXE: C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe..2024-12-08 19:05:30.833 Setup command line: /SL5="$C0254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE..2024-12-08 19:05:30.833 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:05:30.833 64-bit Windows: Yes..2024-12-08 19:05:30.833 Processor architecture: x64..2024-12-08 19:05:30.833 User privileges: Administrative..2024-12-08 19:05:30.848 Administrative install mode: Yes..2024-12-08 19:05:30.848 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:05:30.848 64-bit install mode: Yes..2024-12-08 19:05:30.848 Created temporary directory: C:\Users\user\AppData
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5407
                                                                                                                                                                                                                                        Entropy (8bit):5.2478633993310835
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:fJYRurOHKPytLpeHMR08LMR0oBMR06UqR+6qR+NqR+IwgPIRpoR0oR0XLrZoPPw0:eQromytLAsZwX+RJSvrwuI/oR0oR07uZ
                                                                                                                                                                                                                                        MD5:777FAA028D0FFA973EC2E53F7C859D29
                                                                                                                                                                                                                                        SHA1:001C733F1266E30F3A2EE844317DDF1DCE54EFE9
                                                                                                                                                                                                                                        SHA-256:6CEFBB42D622724F084620CADDA758FE7607001A6E2EA12DEAD1AE3416225DB0
                                                                                                                                                                                                                                        SHA-512:6EBCB08949E625F5EA7F8C683C4A374AD393044A620F6CC1727089E487F7B5ABEFB16DC8F0F618C197092BA2B8FDA4B9EDF2E8DDBA7BBC65C85438D34403EF20
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:06:06.783 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:06:06.783 Setup version: Inno Setup version 6.2.2..2024-12-08 19:06:06.783 Original Setup EXE: C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe..2024-12-08 19:06:06.783 Setup command line: /SL5="$140254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE..2024-12-08 19:06:06.783 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:06:06.783 64-bit Windows: Yes..2024-12-08 19:06:06.783 Processor architecture: x64..2024-12-08 19:06:06.783 User privileges: Administrative..2024-12-08 19:06:06.798 Administrative install mode: Yes..2024-12-08 19:06:06.798 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:06:06.798 64-bit install mode: Yes..2024-12-08 19:06:06.814 Created temporary directory: C:\Users\user\AppDat
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5351
                                                                                                                                                                                                                                        Entropy (8bit):5.277026230498775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:pjYBacFqRLWIuT4Rwsn4Rw4B4RwKy4RwK4Rwl4RwaORcPYNrLzQQ+NraX:KBaMGLsMN4TOV1WT6WPO7lEOX
                                                                                                                                                                                                                                        MD5:ED2A8B9FD807C1D01F43CF41A329A86A
                                                                                                                                                                                                                                        SHA1:416E5E4303E85392398933849EAC8641BCE3C915
                                                                                                                                                                                                                                        SHA-256:AAC39A6EC041B17F057452068188098131951ECE2238962480ADF329A4D0B3DE
                                                                                                                                                                                                                                        SHA-512:3264238189B062ECD95C6FE7D7815334D4C8FC9C8C93455C7209AF5CA56CFBB706F9D7245905EC88EFC8D0C4C28C115474E2288480420410673E8D51E01DCE81
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:06:32.551 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:06:32.551 Setup version: Inno Setup version 6.2.2..2024-12-08 19:06:32.551 Original Setup EXE: C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe..2024-12-08 19:06:32.551 Setup command line: /SL5="$904E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE..2024-12-08 19:06:32.551 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:06:32.551 64-bit Windows: Yes..2024-12-08 19:06:32.551 Processor architecture: x64..2024-12-08 19:06:32.551 User privileges: Administrative..2024-12-08 19:06:32.567 Administrative install mode: Yes..2024-12-08 19:06:32.567 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:06:32.567 64-bit install mode: Yes..2024-12-08 19:06:32.567 Created temporary directory: C:\Users\user\AppData
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (522), with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5407
                                                                                                                                                                                                                                        Entropy (8bit):5.2576212035826595
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:39YUY2r2DwHeDRPJeDRPnMDRPhfDRPwDRPlDRPbHRHWuirIV+2qGdirRJ:CUYo0wWvWtY3LObBxWT8Q2tcFJ
                                                                                                                                                                                                                                        MD5:3C4E7E60BA84AC194575142E6BBB9B2F
                                                                                                                                                                                                                                        SHA1:99FB8BF4054478B7D676D7B344FE6FBDFA1CCB65
                                                                                                                                                                                                                                        SHA-256:A9D0FE060A9ACFAEEE4FA15EDF2CA267FA14773A5A378936B1D568F6836EA33F
                                                                                                                                                                                                                                        SHA-512:43A0B0D192CEBCFA90BE023C1E0524A440D33292DEE156384A35216C5DD9D61D27AF6323665E04E8DEE152190CDED3E7D4F83EB100200810410EBBC7CD313994
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 19:06:59.589 Log opened. (Time zone: UTC-05:00)..2024-12-08 19:06:59.589 Setup version: Inno Setup version 6.2.2..2024-12-08 19:06:59.589 Original Setup EXE: C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe..2024-12-08 19:06:59.589 Setup command line: /SL5="$1104E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE..2024-12-08 19:06:59.589 Windows version: 10.0.19045 (NT platform: Yes)..2024-12-08 19:06:59.589 64-bit Windows: Yes..2024-12-08 19:06:59.589 Processor architecture: x64..2024-12-08 19:06:59.589 User privileges: Administrative..2024-12-08 19:06:59.605 Administrative install mode: Yes..2024-12-08 19:06:59.605 Install mode root key: HKEY_LOCAL_MACHINE..2024-12-08 19:06:59.605 64-bit install mode: Yes..2024-12-08 19:06:59.605 Created temporary directory: C:\Users\user\AppDat
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):14500368
                                                                                                                                                                                                                                        Entropy (8bit):7.983802311201724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:Ck7m/zsH3KEWyL1RTJSL+Nn7+C3fbGGbbUXver+hUyKLns+JgukHh7zNCQG9qr:Cza37XTlzJh3fbGGhrPyAiBv0o
                                                                                                                                                                                                                                        MD5:EF6450AB524057924408DBE29991E99E
                                                                                                                                                                                                                                        SHA1:F3B2CCEC86F8A3543D5A35729B9D0138F4CC803F
                                                                                                                                                                                                                                        SHA-256:B00EC7B6171F98639B060F25E6A0DF8B5FA3507AF64484EA23A03234A74A87DF
                                                                                                                                                                                                                                        SHA-512:E227B4C79B99A4D145A7E2CDF738157A873B09192D9563DF8C248CECF832CF81A5C369DDD25091C99CB1745AD730623B05B1ED3E08DB852589550A33A1DB84DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):14500368
                                                                                                                                                                                                                                        Entropy (8bit):7.983802311201724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:Ck7m/zsH3KEWyL1RTJSL+Nn7+C3fbGGbbUXver+hUyKLns+JgukHh7zNCQG9qr:Cza37XTlzJh3fbGGhrPyAiBv0o
                                                                                                                                                                                                                                        MD5:EF6450AB524057924408DBE29991E99E
                                                                                                                                                                                                                                        SHA1:F3B2CCEC86F8A3543D5A35729B9D0138F4CC803F
                                                                                                                                                                                                                                        SHA-256:B00EC7B6171F98639B060F25E6A0DF8B5FA3507AF64484EA23A03234A74A87DF
                                                                                                                                                                                                                                        SHA-512:E227B4C79B99A4D145A7E2CDF738157A873B09192D9563DF8C248CECF832CF81A5C369DDD25091C99CB1745AD730623B05B1ED3E08DB852589550A33A1DB84DA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto LightRegularVersion 2.137; 2017Roboto-Ligh
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):170420
                                                                                                                                                                                                                                        Entropy (8bit):6.484124799440601
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:T/hzuXlLgbEmk0/Dv6QKwRr4T2EUtxq2FquPtQ17uNOIOU7og2FnI:hIqXpSIE6Ey/Q1cWUMxFnI
                                                                                                                                                                                                                                        MD5:FC84E998BC29B297EA20321E4C90B6ED
                                                                                                                                                                                                                                        SHA1:73A2BB2D6E591A90FFB4ED118A3989FB17B54C7B
                                                                                                                                                                                                                                        SHA-256:A6D343D425BC38DB90152FA06058B1C7391ECA9264F334EF65C1CE175085C6F6
                                                                                                                                                                                                                                        SHA-512:B4CA0BD4D54CE7C896F7BBE931B45347CA7BF6DA10EC1A4DAC9479E5A98573DB531FE96CEDC7A4B67371CC600A587FD508FA4ACDB08233AEBEA89D8EF7AE9769
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 26 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularVersion 2.137; 2017Roboto-RegularRob
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):171676
                                                                                                                                                                                                                                        Entropy (8bit):6.461076726743102
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:Jyz4u0oy2goL/sAQRuzzlPrvRwhRFUzMWlYfxJVBxV+aYT3qPXZ10uNOIOU7og2i:JahOmCeu+bqPp1hWUMxFnI
                                                                                                                                                                                                                                        MD5:3E1AF3EF546B9E6ECEF9F3BA197BF7D2
                                                                                                                                                                                                                                        SHA1:DD1B1DB13FF1F72138C134C62F38FEF83749F36A
                                                                                                                                                                                                                                        SHA-256:79E851404657DAC2106B3D22AD256D47824A9A5765458EDB72C9102A45816D95
                                                                                                                                                                                                                                        SHA-512:81A9260AA3597C02C40AB4642C565D7584D99DDCB8A59ADDC92C15BA93F96F05F2C94DC77C2D5C11C1805F593D84E5E9C62373ECC6CA43A76D15C05C1B1D116E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:TrueType Font data, 18 tables, 1st "GDEF", 28 names, Macintosh, Copyright 2011 Google Inc. All Rights Reserved.Roboto MediumRegularVersion 2.137; 2017Roboto-Med
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):172064
                                                                                                                                                                                                                                        Entropy (8bit):6.474449197018235
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:2zC+qmtn5wkex8r6Qym7KCkygAKuXylCC9ptSUXl8j/6afWUemhASD/JwXI:2825wklN7T3QtSUXzqefSTyXI
                                                                                                                                                                                                                                        MD5:D08840599E05DB7345652D3D417574A9
                                                                                                                                                                                                                                        SHA1:5F16F4D6DBB4A4F12D8AE96488AC209BB49762A5
                                                                                                                                                                                                                                        SHA-256:F205CC511821EA56078A105557FCEA6253129404D411C997E1866FBD006ABB68
                                                                                                                                                                                                                                        SHA-512:1610097AC5709EDBE56A05E6B337769DCB338BB4417693717B5A5E157E824E25E0AF4EDA1C297F35553DF05754D9785136FA230AB1CAFABFC44DA63C7547715B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                        • Filename: iX7ahNVKav.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: BJeLg1HKR4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: php_thetitle_.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: run_206fc.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: Windows_10_Pro_Anniversary_Update_PT-BR_3265_Bits.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: run_206fc.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: Windows_10_Pro_Anniversary_Update_PT-BR_3265_Bits.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: 54zEUp34e1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: 54zEUp34e1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: VSiqfvLPjE.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):3140440
                                                                                                                                                                                                                                        Entropy (8bit):6.371127912080144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbH333yUN:0tLutqgwh4NYxtJpkxhGs333P
                                                                                                                                                                                                                                        MD5:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        SHA1:D203B9224B103B3A4F85E10CD579684B58DC1EE8
                                                                                                                                                                                                                                        SHA-256:3AA610BCF011024A18EE86FA2A7FB78401472AB6159D78F609CDF46ADEBD3AA7
                                                                                                                                                                                                                                        SHA-512:0421E39424D0343A9C637D2F523A00191D2BAC0FACB84F140C6BC566E5861B2519922CD2F41622456FD2019DFC5A7F1AFBC4708EA11DEE90CDECE471DCADCDA1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3140440
                                                                                                                                                                                                                                        Entropy (8bit):6.371127912080144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbH333yUN:0tLutqgwh4NYxtJpkxhGs333P
                                                                                                                                                                                                                                        MD5:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        SHA1:D203B9224B103B3A4F85E10CD579684B58DC1EE8
                                                                                                                                                                                                                                        SHA-256:3AA610BCF011024A18EE86FA2A7FB78401472AB6159D78F609CDF46ADEBD3AA7
                                                                                                                                                                                                                                        SHA-512:0421E39424D0343A9C637D2F523A00191D2BAC0FACB84F140C6BC566E5861B2519922CD2F41622456FD2019DFC5A7F1AFBC4708EA11DEE90CDECE471DCADCDA1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3140440
                                                                                                                                                                                                                                        Entropy (8bit):6.371127912080144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbH333yUN:0tLutqgwh4NYxtJpkxhGs333P
                                                                                                                                                                                                                                        MD5:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        SHA1:D203B9224B103B3A4F85E10CD579684B58DC1EE8
                                                                                                                                                                                                                                        SHA-256:3AA610BCF011024A18EE86FA2A7FB78401472AB6159D78F609CDF46ADEBD3AA7
                                                                                                                                                                                                                                        SHA-512:0421E39424D0343A9C637D2F523A00191D2BAC0FACB84F140C6BC566E5861B2519922CD2F41622456FD2019DFC5A7F1AFBC4708EA11DEE90CDECE471DCADCDA1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3140440
                                                                                                                                                                                                                                        Entropy (8bit):6.371127912080144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbH333yUN:0tLutqgwh4NYxtJpkxhGs333P
                                                                                                                                                                                                                                        MD5:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        SHA1:D203B9224B103B3A4F85E10CD579684B58DC1EE8
                                                                                                                                                                                                                                        SHA-256:3AA610BCF011024A18EE86FA2A7FB78401472AB6159D78F609CDF46ADEBD3AA7
                                                                                                                                                                                                                                        SHA-512:0421E39424D0343A9C637D2F523A00191D2BAC0FACB84F140C6BC566E5861B2519922CD2F41622456FD2019DFC5A7F1AFBC4708EA11DEE90CDECE471DCADCDA1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3137376
                                                                                                                                                                                                                                        Entropy (8bit):6.363796358990638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:pdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg333yp:aHDYsqiPRhINnq95FoHVBg333Y
                                                                                                                                                                                                                                        MD5:1228C03BA840482EAC14E25B727F65B5
                                                                                                                                                                                                                                        SHA1:EAA92BE989FF71DC2B7CF090B2A8183A3C44E655
                                                                                                                                                                                                                                        SHA-256:A048CCBD5797616ED03EA8C13DDEA2EC868E0EA22ECC6F475BF7E3BA42AA77B7
                                                                                                                                                                                                                                        SHA-512:77E874DC88B428C43A72ED8AB9E00E98872E9B47C4AD18F35019AA26C89DE909448D5EC83A289ED87D8DDBEA6E9515C5932973CF54EA3F535D7F2E11BC2318BB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):191384
                                                                                                                                                                                                                                        Entropy (8bit):6.606319812980724
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:GHYbm1i+GQ/kUopeW6ZuWUBQJwREy1mN1DX7JxAg0FujtI4U42B/mPnX:uDvkUppZu/8oZ1+AO32YPX
                                                                                                                                                                                                                                        MD5:A4CF124B21795DFD382C12422FD901CA
                                                                                                                                                                                                                                        SHA1:7E2832F3B8B8E06AE594558D81416E96A81D3898
                                                                                                                                                                                                                                        SHA-256:9E371A745EA2C92C4BA996772557F4A66545ED5186D02BB2E73E20DC79906EC7
                                                                                                                                                                                                                                        SHA-512:3EE82D438E4A01D543791A6A17D78E148A68796E5F57D7354DA36DA0755369091089466E57EE9B786E7E0305A4321C281E03AEB24F6EB4DD07E7408EB3763CDD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):6144
                                                                                                                                                                                                                                        Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                        MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                        SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                        SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                        SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3140440
                                                                                                                                                                                                                                        Entropy (8bit):6.371127912080144
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:wWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbH333yUN:0tLutqgwh4NYxtJpkxhGs333P
                                                                                                                                                                                                                                        MD5:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        SHA1:D203B9224B103B3A4F85E10CD579684B58DC1EE8
                                                                                                                                                                                                                                        SHA-256:3AA610BCF011024A18EE86FA2A7FB78401472AB6159D78F609CDF46ADEBD3AA7
                                                                                                                                                                                                                                        SHA-512:0421E39424D0343A9C637D2F523A00191D2BAC0FACB84F140C6BC566E5861B2519922CD2F41622456FD2019DFC5A7F1AFBC4708EA11DEE90CDECE471DCADCDA1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):540456
                                                                                                                                                                                                                                        Entropy (8bit):6.4900404695826275
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:GUBa9WxfxYRW3vwDaduy2NBCzrCJDVxsR7LafByUb2iqyTOHD:da9WxfiRCv2anZnXtLa32idOHD
                                                                                                                                                                                                                                        MD5:EB948284236E2D61EAE0741280265983
                                                                                                                                                                                                                                        SHA1:D5180DB7F54DE24C27489B221095871A52DC9156
                                                                                                                                                                                                                                        SHA-256:DBE5A7DAF5BCFF97F7C48F9B5476DB3072CC85FBFFD660ADAFF2E0455132D026
                                                                                                                                                                                                                                        SHA-512:6D8087022EE62ACD823CFA871B8B3E3251E44F316769DC04E2AD169E9DF6A836DBA95C3B268716F2397D6C6A3624A9E50DBE0BC847F3C4F3EF8E09BFF30F2D75
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                        • Rule: INDICATOR_EXE_Packed_SilentInstallBuilder, Description: Detects executables packed with Silent Install Builder, Source: C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll, Author: ditekSHen
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16421784
                                                                                                                                                                                                                                        Entropy (8bit):7.986866878578413
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:393216:Yw/b4RSUZ564kCUTGbNSm1s+JgKKfmUX5fK05/D:YwD4RS54kCUTfm1s+JYJi09
                                                                                                                                                                                                                                        MD5:8D7DB88F1FB9C7308F7368AE65E3F0EF
                                                                                                                                                                                                                                        SHA1:5166FF1BB9B4B5D5F0AB460496CF7CC491F81F62
                                                                                                                                                                                                                                        SHA-256:5F81F8EE08A7460A3ABD3AED1DA137F2824BBDF804951477546A96300BD1E31F
                                                                                                                                                                                                                                        SHA-512:A620347B470C43F1D5D253A4899CBF89B1F9F631DA35E5740D5134155E66A2C1756660AC9BE21A6D9B5F830FA02461B3781DB5C9CFE9D56B23E1454B198A7316
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                        Entropy (8bit):6.867501832742936
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:96:PAWqGuIO1w7JElw764ulqk4uWdCXufAx8Su2yk:oWaIO1S7ulqBhv+yk
                                                                                                                                                                                                                                        MD5:04F3C7753A4FCABCE7970BFA3B5C76FF
                                                                                                                                                                                                                                        SHA1:34FC37D42F86DAC1FD1171A806471CDFEAE9817B
                                                                                                                                                                                                                                        SHA-256:A735E33A420C2AD93279253BC57137947B5D07803FF438499AAAF6FD0692F4CD
                                                                                                                                                                                                                                        SHA-512:F774FC3F3EBF029DC6F122669060351CC58AE27C5224ABE2A6C8AB1308C4B796657D2F286760EB73A2AE7563EEEF335DAA70ED5E4B2560D34CA9873017658AFE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):52520
                                                                                                                                                                                                                                        Entropy (8bit):6.011934677477037
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:9GyM4uxlvOe/c1xpfLIa97v3A5KobiPWh:9G1vt/g7fLb97Y5VmY
                                                                                                                                                                                                                                        MD5:928E680DEA22C19FEBE9FC8E05D96472
                                                                                                                                                                                                                                        SHA1:0A4A749DDFD220E2B646B878881575FF9352CF73
                                                                                                                                                                                                                                        SHA-256:8B6B56F670D59FF93A1C7E601468127FC21F02DDE567B5C21A5D53594CDAEF94
                                                                                                                                                                                                                                        SHA-512:5FBC72C3FA98DC2B5AD2ED556D2C6DC9279D4BE3EB90FFD7FA2ADA39CB976EBA7CB34033E5786D1CB6137C64C869027002BE2F2CAD408ACEFD5C22006A1FEF34
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):294
                                                                                                                                                                                                                                        Entropy (8bit):4.400042664734226
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:E5irry8v8VYmSSrOaQWFYTh2bRPwknaZ5tHoLT7WbK8FLm:E5q8FyabYrHtISbK+Lm
                                                                                                                                                                                                                                        MD5:6606A540ACB070C35CB9DA7C51085248
                                                                                                                                                                                                                                        SHA1:30B373F2E4D603093875AB06801534227EE76773
                                                                                                                                                                                                                                        SHA-256:97E633B4E645480B1D464A50B4A58A97EC66853C894BA1A222394D44F710BA55
                                                                                                                                                                                                                                        SHA-512:27A1F63E5072417435999286283179AD2F0EED0D78974E045D0B1CB170CA4DFD1154FAD4B2171810E065369F1812C586DB13A0111E7669FE8EAC756D9F84D1AB
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 20:47:28.707 NONE [7936] .==================================================.Init e Massive (0.11.0).==================================================.2024-12-08 20:47:30.989 INFO [7936] Database at C:\Users\user\AppData\Roaming\Adblock Fast\Massive\usage successfully opened.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                        MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                        SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                        SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                        SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:MANIFEST-000002.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):16
                                                                                                                                                                                                                                        Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                        MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                        SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                        SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                        SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:MANIFEST-000001.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):50
                                                                                                                                                                                                                                        Entropy (8bit):4.3034651896016465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:tRmKUc0dPQASWFy:vF0dgv
                                                                                                                                                                                                                                        MD5:3F0517AC1DBB92D2650B105BAFF645E2
                                                                                                                                                                                                                                        SHA1:9F35CD46EBB9037926017C5813E2E05757D30132
                                                                                                                                                                                                                                        SHA-256:1638471E0F0A934DBF06171CE6ECAC58543C965F06EE7CAFE4BF1E332914CC03
                                                                                                                                                                                                                                        SHA-512:1417F7C1B1897C6AA356A78DCDBC8327C03D266E6E23722B9645ECDA112545BEAEEE53A22864E2BCA5E0C46E5474C2515537D9D7ACAE223AF6405290EA3B7A13
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:2024/12/08-19:03:34.148000 7936 Delete type=3 #1..
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                                        Entropy (8bit):4.265319531114783
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:xs3Zjn:gn
                                                                                                                                                                                                                                        MD5:8A6E997CAA666545F6CDFA6A453B5871
                                                                                                                                                                                                                                        SHA1:51AA43820497F52B90FFDABBA3BC30C78A12261A
                                                                                                                                                                                                                                        SHA-256:47A5F530BDF0C10A875EA2339EDCAECF7831F4E77F6F830C1F613A96301AAD5F
                                                                                                                                                                                                                                        SHA-512:6B0D0603681134E8DF6803206411543587104B781A1E90D237372A8642D08A4233E6894BB4C28185F1EAE70AFC7AD6831DAE03F30B831F249F9CC153A241A6E9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:v.#Q.....time_t_comparator......
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41
                                                                                                                                                                                                                                        Entropy (8bit):4.589020906951572
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:en9RMY3ZqU0blS:enzeblS
                                                                                                                                                                                                                                        MD5:0E1492D224F68F59E06403C64B1DACE0
                                                                                                                                                                                                                                        SHA1:C8D7848C6245D51493601BEB8A2AB31C0D2429A1
                                                                                                                                                                                                                                        SHA-256:51478B51058C6BAED4C8B103B4262B24158CC285238C124C75FAA216FA9FB602
                                                                                                                                                                                                                                        SHA-512:C4F2773EB9E8A1BD19A3911160F5EFDF417B965446D951851A89776E529238B733EF60101EDDD80ABC7714E5D10DAFFCB8D0A2F7317C46F8DA82BD31ACE0717C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:bv.|.....time_t_comparator...............
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):925
                                                                                                                                                                                                                                        Entropy (8bit):4.763520934319887
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:15Lp851u1FtFL/fiudODMuV9ppDaRzE9WWf8:+XGr9niudK3HD2RzE9We8
                                                                                                                                                                                                                                        MD5:A3A041467DB30B7F9C4F7FE092AD4B66
                                                                                                                                                                                                                                        SHA1:40AF46EF78664D4EE4FF7366F743ED120E144A93
                                                                                                                                                                                                                                        SHA-256:36745EE4FFA2757A4D7988312B16734EF6129688270A78E89D5AC3066B7E4429
                                                                                                                                                                                                                                        SHA-512:CB89FD6A7B472E13F4AED39D93F04263DCBE0DA72D618E62E61A86E6F5B4A4E291B992FB6DFF7BAABA4EC613B356443295A10EF83BB34B5A747D65C851D9DEA9
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{.. "IsBlocking": true,.. "IsFirstRun": false,.. "IsStopped": false,.. "Uid": "9e146be9-c76a-4720-bcdb-53011b87bd06",.. "config": {.. "config": {.. "extra": {.. "blocklistUrl": "https://downloads.joinmassive.com/adblockfast/prod/ips.txt",.. "sentryDsn": "https://06798e99d7ee416faaf4e01cd2f1faaf@o428832.ingest.sentry.io/5420194",.. "sentrySourceName": "Adblock_marketator".. },.. "massiveSdkKey": "4c6fdfc9-de78-4899-8dc6-365b9c5db799",.. "update": {.. "appCastUrl": "https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml".. }.. },.. "distId": "marketator",.. "trackingId": "UA-135690027-41",.. "trackingParams": {.. "postbackId": "380959ea-7312-4492-9881-540e80035e0f",.. "publisherId": "741".. }.. }..}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Non-ISO extended-ASCII text, with very long lines (324), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                                                                                        Entropy (8bit):5.2613817953735795
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:sxz2KarhVLA8BcD6EzUwx2pN7HLaiTJFKGVDxd4BhykYVH:sMhVjcDRx2PfTT7Fqhw1
                                                                                                                                                                                                                                        MD5:A91BD3E65DBB23A1A79FC29C01A7BF2C
                                                                                                                                                                                                                                        SHA1:5F8F25CDF0776AB61AD1F77DE29A60630F5CA98A
                                                                                                                                                                                                                                        SHA-256:08ABADC04E7F4A0C7DC547F4B284913FF0369AFD3B4B80B71285DBDFB535988B
                                                                                                                                                                                                                                        SHA-512:2F4E8B71A9EA0BEE4C1582E7AC31872BEAFE42B852F2D05F7CCC8E961A0DA08745FB1696BF8F60D4A192765F93545DB9C5E1668F0E7AC1280A6294646CC1E77A
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..platform.native.release.0.3.2.environment.prod.level.error.user..id.$9e146be9-c76a-4720-bcdb-53011b87bd06.sdk..name.sentry.native.version.0.4.12.packages...name.github:getsentry/sentry-native.version.0.4.12.integrations..crashpad.tags..app.Adblock_marketator.extra..contexts..os..name.Windows.version.10.0.19041.build.1889
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):231
                                                                                                                                                                                                                                        Entropy (8bit):4.751906202016326
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:YM4RxVgiWPSQeSSyJlqEzUwOWE2B/3VMb8uh83NXsaL5ALyd5:YXNhAlhPPBN9Aucawq
                                                                                                                                                                                                                                        MD5:230E72D6085999F99AFA6120DBF2949F
                                                                                                                                                                                                                                        SHA1:CBEAA524A907E169BA16723CC1E3830F9AA8E3EE
                                                                                                                                                                                                                                        SHA-256:B1EDABEC9F66BDC3A09891A376B43D227D460BAEE972A1841FF2EF013644D0F4
                                                                                                                                                                                                                                        SHA-512:F1C7E77C5FB66F1BAD468098DE65FD3DAB9380A21EF1D6873158298AD1EC0A1FD575F79242263B6FDC709E65C7CAD69FBCEF047FF275CC7E7A47CD0B308F184F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"init":true,"sid":"d3a7576b-ce16-4be3-751b-f189857d7e95","status":"ok","did":"9e146be9-c76a-4720-bcdb-53011b87bd06","errors":0,"started":"2024-12-09T00:03:26.648Z","duration":0.031,"attrs":{"release":"0.3.2","environment":"prod"}}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Non-ISO extended-ASCII text, with very long lines (312), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):312
                                                                                                                                                                                                                                        Entropy (8bit):5.263740879651087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:sxz2KarhVLA8BcD6EzUwx2pN7HLaiTJsv44BhykYrD:sMhVjcDRx2PfTsVhwv
                                                                                                                                                                                                                                        MD5:3AC5CDB83D33870987C21DE3F6E597EB
                                                                                                                                                                                                                                        SHA1:46E4D048A69DD32CF89F0D91F342DE2D9D8A4C49
                                                                                                                                                                                                                                        SHA-256:62708AEE138FB0F3B8FA81EE7EA22C90DF3CD4DB069EAA4920811C61F752AF5D
                                                                                                                                                                                                                                        SHA-512:338FBF3E98760A1C855A4BE14B6B05590992116EE78EA53AF7F0C643E4C9A692782A56E83CA2726CCB9AA35B4C49B8AA08B7D94D577DDE6E82DE42009D2E0F90
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..platform.native.release.0.3.2.environment.prod.level.error.user..id.$9e146be9-c76a-4720-bcdb-53011b87bd06.sdk..name.sentry.native.version.0.4.12.packages...name.github:getsentry/sentry-native.version.0.4.12.integrations..crashpad.tags..app.Adblock.extra..contexts..os..name.Windows.version.6.2.19041.build.1889
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):227
                                                                                                                                                                                                                                        Entropy (8bit):4.744478850094649
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:YM4RxVL1E2kp2EBlqEzUwOWE2B/3VMDs4phVjCXsaL5ALyd5:YXXEPjBlhPPBN74phIcawq
                                                                                                                                                                                                                                        MD5:90473C31AC51CF7F7971187E3527002F
                                                                                                                                                                                                                                        SHA1:3A125EAD5485660EFC77E23B7D38CCB7FDB25DE6
                                                                                                                                                                                                                                        SHA-256:833303CF9DCB3F4F42CCDBF684F6DFA853AA7865732BD919D042D0AA40858797
                                                                                                                                                                                                                                        SHA-512:F5AD4A76E524AF3CA1950C92FB961ABAC790F2F20F92ACE22169AB72F8E6AD5871225B29BA4324667766F617EFD7D00932F89FE5578694C88DEE28BD1B5BAC44
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"init":true,"sid":"552a6dc4-295f-40ad-f1d8-c18c1b2119d4","status":"ok","did":"9e146be9-c76a-4720-bcdb-53011b87bd06","errors":0,"started":"2024-12-09T00:03:48.253Z","duration":0,"attrs":{"release":"0.3.2","environment":"prod"}}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):351
                                                                                                                                                                                                                                        Entropy (8bit):4.92607058052163
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:YoVm0jErTPE5t6iARMd41BxVWOd49Jnz3N7EzUwOWE2B/3VM9IutcX3NXsaL5ALq:Yo40jkwijRMhJNaPPBN8mdcawq
                                                                                                                                                                                                                                        MD5:E32C2D4BE3F76241A272793A6E20A07E
                                                                                                                                                                                                                                        SHA1:1E509301EEA952AF48B1FE06057713EC43DF02A5
                                                                                                                                                                                                                                        SHA-256:A1EF99D53E7B30691DD9E32C75F733A15185FA5CB69376F2C4A9B118BFB9AE55
                                                                                                                                                                                                                                        SHA-512:CFE48DFE6BE4D45BF7F393C83C4EAC66A9E56CA2F83E2497087D940E82F3056ECF6605401AA046243DBA2C0E7171C352DC0FCE259C98830E8C2279DB917CB7F4
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"dsn":"https://06798e99d7ee416faaf4e01cd2f1faaf@o428832.ingest.sentry.io/5420194"}.{"type":"session","length":235}.{"init":true,"sid":"f4aa8e5c-d740-40fd-b7ba-a25594b740a5","status":"exited","did":"9e146be9-c76a-4720-bcdb-53011b87bd06","errors":0,"started":"2024-12-09T00:03:33.529Z","duration":4.921,"attrs":{"release":"0.3.2","environment":"prod"}}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Non-ISO extended-ASCII text, with very long lines (312), with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):312
                                                                                                                                                                                                                                        Entropy (8bit):5.263740879651087
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:sxz2KarhVLA8BcD6EzUwx2pN7HLaiTJsv44BhykYrD:sMhVjcDRx2PfTsVhwv
                                                                                                                                                                                                                                        MD5:3AC5CDB83D33870987C21DE3F6E597EB
                                                                                                                                                                                                                                        SHA1:46E4D048A69DD32CF89F0D91F342DE2D9D8A4C49
                                                                                                                                                                                                                                        SHA-256:62708AEE138FB0F3B8FA81EE7EA22C90DF3CD4DB069EAA4920811C61F752AF5D
                                                                                                                                                                                                                                        SHA-512:338FBF3E98760A1C855A4BE14B6B05590992116EE78EA53AF7F0C643E4C9A692782A56E83CA2726CCB9AA35B4C49B8AA08B7D94D577DDE6E82DE42009D2E0F90
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:..platform.native.release.0.3.2.environment.prod.level.error.user..id.$9e146be9-c76a-4720-bcdb-53011b87bd06.sdk..name.sentry.native.version.0.4.12.packages...name.github:getsentry/sentry-native.version.0.4.12.integrations..crashpad.tags..app.Adblock.extra..contexts..os..name.Windows.version.6.2.19041.build.1889
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):227
                                                                                                                                                                                                                                        Entropy (8bit):4.722594548299004
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6:YM4RxVWOd49Jnz3NlqEzUwOWE2B/3VM9IujCXsaL5ALyd5:YXgJNlhPPBNjcawq
                                                                                                                                                                                                                                        MD5:0B546792B6A29749336B62DA18F1FE3A
                                                                                                                                                                                                                                        SHA1:EC1B5CDCE69E0B79FCC4475A0041AEC3303DF0D6
                                                                                                                                                                                                                                        SHA-256:BAF5252AF7D7495A3D368C906A43DC678DE7F7BE1233EEB23C04633A66B3453B
                                                                                                                                                                                                                                        SHA-512:0A3939BC5A6C1EBCCE660DD2A3A9B3C659E6DD2ED6F7BDD095A088BC3B51338E195CEAE29CE53A564A65A6755A1CC783A7DEB54F82CA281B535A4A7ABC6F450E
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"init":true,"sid":"f4aa8e5c-d740-40fd-b7ba-a25594b740a5","status":"ok","did":"9e146be9-c76a-4720-bcdb-53011b87bd06","errors":0,"started":"2024-12-09T00:03:33.529Z","duration":0,"attrs":{"release":"0.3.2","environment":"prod"}}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                        Entropy (8bit):3.3454618442383204
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:FkWXl/tjd0n:9/Un
                                                                                                                                                                                                                                        MD5:B469BAE8F56C3D7FBF0B8F8E7E452740
                                                                                                                                                                                                                                        SHA1:4624E002CE1DBF4D52BE213223DD5137190A7F1A
                                                                                                                                                                                                                                        SHA-256:D65922FE87A51554D12BBFBE206A0979B2C7C1716EDAF6A0521097B575DA847B
                                                                                                                                                                                                                                        SHA-512:AACE95AC7EF633B8949554661A0B31657B322BA1712D573CE1FA30BFF58393305BAC0DB65C9DDAC01930319F21ABF1D4F44A0B6843D9281732A505D6799AE6FD
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:sdPC......................C.F.iM.w6...x
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:2:2
                                                                                                                                                                                                                                        MD5:B026324C6904B2A9CB4B88D6D61C81D1
                                                                                                                                                                                                                                        SHA1:E5FA44F2B31C1FB553B6021E7360D07D5D91FF5E
                                                                                                                                                                                                                                        SHA-256:4355A46B19D348DC2F57C046F8EF63D4538EBB936000F3C9EE954A27460DD865
                                                                                                                                                                                                                                        SHA-512:3ABB6677AF34AC57C0CA5828FD94F9D886C26CE59A8CE60ECF6778079423DCCFF1D6F19CB655805D56098E6D38A1A710DEE59523EED7511E5A9E4B8CCB3A4686
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:1.
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1596
                                                                                                                                                                                                                                        Entropy (8bit):5.060797057517199
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:48:7ccj0wdYxBs38Wv38638r38z/380Qf382438DX38e38/38X:xj0wEs3/v3t3Q3g3NQf3v4383V3o38
                                                                                                                                                                                                                                        MD5:BB92296C6A6CF883710B594AAE7E8229
                                                                                                                                                                                                                                        SHA1:CADD1FD260B26FDE252503EFCAFB57FFD8A2381D
                                                                                                                                                                                                                                        SHA-256:DD7255238716036483411C24077F46834B3EA5BF647C1BD8A30216F50EDDFDE3
                                                                                                                                                                                                                                        SHA-512:8F9CEA4DACE5F8A6536AA7BB569B79AC8A257BF8E959F96634D9A2C2AE06418298AB383A3ECEF9A6553B118FF78602C7C2356ACC5C5FCF7C7D81CA8BB902E9B4
                                                                                                                                                                                                                                        Malicious:false
Preview:
2024-12-08 20:47:32.746 WARN [2996] [common::App::lock@63] App has already been running
2024-12-08 20:47:35.943 ERROR [5664] [common::InitCallback@17] Failed to initialize Massive, schedule reconnection
2024-12-08 20:47:36.101 ERROR [7936] [adblock::Application::makePostback@278] Postback failed with status code: 403
2024-12-11 00:53:47.152 ERROR [3488] [common::ActivityApi::telemetryPing@43] Failed to get remote data 28 : Operation timeout
2024-12-13 04:56:52.474 ERROR [3488] [common::ActivityApi::telemetryPing@43] Failed to get remote data 28 : Operation timeout
2024-12-15 09:33:38.089 ERROR [7840] [common::ActivityApi::telemetryPing@43] Failed to get remote data 28 : Operation timeout
2024-12-17 13:36:40.410 ERROR [7840] [common::ActivityApi::telemetryPing@43] Failed to get remote data 28 : Operation timeout
2024-12-19 17:37:45.393 ERROR [5024] [common::ActivityApi::telemetryPing@43] Failed to get remote data 28 : Operation timeout
2024-12-21 21:18:27.985 ERROR [3488] [c
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        File Type:MS Windows shortcut, Item id list present, Has Relative path, Has command line arguments, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):766
                                                                                                                                                                                                                                        Entropy (8bit):3.3046328199629937
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:8AlXEnm/3BVSXzNyW+fyHiNL4t2YZ/elFlSJm:8Aj/B2r+fl5qy
                                                                                                                                                                                                                                        MD5:9B58CA8420633DC24852E36191EF8C01
                                                                                                                                                                                                                                        SHA1:5076612F1C99715EFEE2A9F1E144B9B9CC9873AD
                                                                                                                                                                                                                                        SHA-256:B6B2FFA1DD8EAB8B96930C3F2D4937CEBE60B34EE8BD5B5E540492ED8FA68E54
                                                                                                                                                                                                                                        SHA-512:BEF672A1B3433207902CEA942890A4AA242C38934FC78CB5B1EF006BB7A1CE63A1ADA9CDCA42362A9E8616398CFDF2726B9AE399C4A7944FE3BD61FA74EE134F
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:L..................F........................................................E....P.O. .:i.....+00.../C:\...................V.1...........Windows.@............................................W.i.n.d.o.w.s.....Z.1...........system32..B............................................s.y.s.t.e.m.3.2.....f.2...........schtasks.exe..J............................................s.c.h.t.a.s.k.s...e.x.e.......8.....\.....\.....\.....\.....\.....\.....\.....\.....\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.s.c.h.t.a.s.k.s...e.x.e.../.r.u.n. ./.t.n. .".A.d.b.l.o.c.k. .F.a.s.t.".........%...............wN....]N.D...Q..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5698400
                                                                                                                                                                                                                                        Entropy (8bit):6.86709584119763
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:WX+OsTkgpXFZgsWBTqYkn4Y5zLSz1VjOB5:QtGkgpVZgZ3OB5
                                                                                                                                                                                                                                        MD5:C7119E2A05DB13F4888321D28E215C07
                                                                                                                                                                                                                                        SHA1:2040CF5A97A671E18AEE7BBD78A9DCE70235F8AB
                                                                                                                                                                                                                                        SHA-256:B10D464D5B329829A6EC5C5BCA79D9E5E5614448BC8763CC51230A3B778B644B
                                                                                                                                                                                                                                        SHA-512:60CC31C7D054620AD2002F00D16E58728EB941AE9A8AD492D21207E916CE3E1CC4E16E9C130A084939D35EA6F2FBF9E2D5AD89F5DC31407C1E43C70A0974478A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3175264
                                                                                                                                                                                                                                        Entropy (8bit):6.687389262385987
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:YGtlqcUVwASO9CIU6ippiZ9Ky1X8TrqvwwoIUvKqHhI08eLo5dnmPLpqI+5:Ul+zdsowKI7eL2n4pk
                                                                                                                                                                                                                                        MD5:97A08C6366F4589739209FDB43B4B3EC
                                                                                                                                                                                                                                        SHA1:56B57F33D510DE026207A8B37EA93DB8447A11B8
                                                                                                                                                                                                                                        SHA-256:5D15B23E628BE6147EA04DF302B5A06CEB8420B3BFC41872E2F90B0511BC11B1
                                                                                                                                                                                                                                        SHA-512:D83E83D3C252622B13004C60BED56653C284462240553D12DFD22989FA2FDC34A06DC8B388F1FE2ADED478542299356AAEFC2E4691E8DB396BCF7A9E65AF94B1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):140128
                                                                                                                                                                                                                                        Entropy (8bit):6.112789273542535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:HFEflWr8nVIX4dpaJ0gS/CZB/sImp3eqD6fNEmOzWt0DOCYmihNA7P8LA9WhdCm:HFEflWr8nVImF/LesVzWt0yML70U0x
                                                                                                                                                                                                                                        MD5:7642760AA3F3191BECC621EE0402B4B6
                                                                                                                                                                                                                                        SHA1:06E1173A937D78B038B615893D22869B8DABB6FB
                                                                                                                                                                                                                                        SHA-256:4C6F3AC24C784B3F50BC831AB3B583E70DCB842C09A25A352DCB8634377AB891
                                                                                                                                                                                                                                        SHA-512:8162600149168AC6CA76987696B612DB521679B3A2EFBD0D1DEE87DF180C60043DFE75DD58A5F63B3D854644C666FF9A73718B9DF8E678A995B4CC0B68BB7760
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3671392
                                                                                                                                                                                                                                        Entropy (8bit):6.451457824367643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:ADV9q3112pbQUEI7Z1tIP8Zn0Hv3NsOuw2b9QDxg/1dfXGvply48q00b3hVPWlG2:cPHtovS3mldlslGBsN
                                                                                                                                                                                                                                        MD5:6BCBB964E1FE28513B22273F136A4B37
                                                                                                                                                                                                                                        SHA1:FDE4927B46BAC2340F65FE2811C2307C798E2398
                                                                                                                                                                                                                                        SHA-256:10C027BDD8008AD62C7E3AB5ABD92D2573BB9474A9EA8FFEB218B43A2EFAAB09
                                                                                                                                                                                                                                        SHA-512:6E587FDA68BC9E9683F2BECE39A5FF9357CCCD12EA1E3669F8D7C675479B476F482DE0E2FEA20E7A0F4FEC72ABDE7EC1B0BEFFA1EED79461ABD006427D182FED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):899424
                                                                                                                                                                                                                                        Entropy (8bit):6.4356239735232466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:q0TQMH6umv56EWg/L/A2eJAUS1m7JodWEfz:LauK6E1rq5SktZK
                                                                                                                                                                                                                                        MD5:79CAE1118A31818AF31B388EE4808A1B
                                                                                                                                                                                                                                        SHA1:9054393F36900CA638A6F58C31F6ED8B5E08FFB4
                                                                                                                                                                                                                                        SHA-256:8D8770FD885E0BB8A28FC96F31209F05D6B4DB9B4036666BD5500D13B2FAEB84
                                                                                                                                                                                                                                        SHA-512:0E320CBA17C28BEDC5BCD603C462BEA62D658CA1AA6D8C954D1B68AE8597B8631ED20AA8754139702AE41D970458F681D4417C3CAAA6E4E52A7DDE4AEB6538DC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41824
                                                                                                                                                                                                                                        Entropy (8bit):6.383810378377154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:5MoM+9NiHTCNEAsogABab34C5EXGiWwxu5YicVqeEO:X9NizCNEAso/MMAiJ27ts
                                                                                                                                                                                                                                        MD5:61E336DD16128398B546C70439C2BD3F
                                                                                                                                                                                                                                        SHA1:4BB959D12C1184D64D439B3C21FFE8C4AD5CA5AE
                                                                                                                                                                                                                                        SHA-256:4F5160AF8F4AA67F76613924280FB16DA450C97EB657C871D9E42EC8A613ACF1
                                                                                                                                                                                                                                        SHA-512:3506DF990FDFF07090D2F88A3AA56B8EA621DC412294B165DEE532F7BBF40C4B00268F55A188E599DF0D0D8151A644205104689716EBC78F40C83DAB6A61A9E3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):98144
                                                                                                                                                                                                                                        Entropy (8bit):6.191480094314726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:wbQZwEgZDf4mkpxHAnFce6KBE1BLt35pEXOy36E7If1:wbQZwENKE1BCXOG6EMN
                                                                                                                                                                                                                                        MD5:DC6723D0C1C83F6FA274D65D65A47962
                                                                                                                                                                                                                                        SHA1:4F5147E4808EA4E7BE6F6648F91089ED98FF3120
                                                                                                                                                                                                                                        SHA-256:2E27187FCD3E1216D20EFAB042151F4EDBDC10D8CC3C2ADF330C0B64EBB8CEA0
                                                                                                                                                                                                                                        SHA-512:25464806174C060C4FAAA23458F59D5F47D953232713238A7077F387FAC97DD15DD8DCB34632131176341AE8E046D0320ED8EF87782322D623ED1F388A5E142D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2417504
                                                                                                                                                                                                                                        Entropy (8bit):6.36658437034444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:qH8QFfUXSCGWF5VXZXxPwp5ZvksudhrwOf65IAo8/:ejBCj57hPwHisuko8/
                                                                                                                                                                                                                                        MD5:E167DFD4BB292D7837F3C15BC8F6F7A1
                                                                                                                                                                                                                                        SHA1:D56A8B15F1DA113AFDA580F5B4271354BB8FA574
                                                                                                                                                                                                                                        SHA-256:1F64E24BB019F60755215E3AD1EFD30926E1FEBE497F029A69B83CEDCB0DAC49
                                                                                                                                                                                                                                        SHA-512:CBD5DA6AD4CD5682163B9035AF56A0CA95773CD2902D7CBCEF37A8C950D3A4B7DF6B79864305E449DDA47E48F1D4514C48DA18FB2A99334269DEEAF935947F35
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):391520
                                                                                                                                                                                                                                        Entropy (8bit):6.693470744878328
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xnKUo3rRWseDqLDApS/uCFe0Rs+M3XdtzaOmqqDTzuU7KLn/kG:xebRWseDyDApcul37ndpaSqnzHKLF
                                                                                                                                                                                                                                        MD5:0D49F321FD21B3995642CB9191D24840
                                                                                                                                                                                                                                        SHA1:D12C248402C50820DCC86CF6D662390859611993
                                                                                                                                                                                                                                        SHA-256:C6A88064B6C238B01933D01877AD751EF6441406FCAC52706E7192998CC25D3B
                                                                                                                                                                                                                                        SHA-512:30F7FE44FA0976EED807AD0CBD9694A8D68E5E53834AED3476631BEFBECF5BD0E86D70A2977F8C11707CB587481DBE9520839C1E5C9C71FF7A7E17B3F32097B9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1888608
                                                                                                                                                                                                                                        Entropy (8bit):6.5856043964252216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:YTMAY7B/seDVOiqc4l5VklP5N4yS4dy7jIL8:YAseDVOxyqfIL8
                                                                                                                                                                                                                                        MD5:B4110EBAC0EE2DB8D636C98E311D4DFB
                                                                                                                                                                                                                                        SHA1:98A4D53EAF3172C4583473E56FABC097021FE68B
                                                                                                                                                                                                                                        SHA-256:001C17F8E35EF7E887E3F52D4DD9EA38227ADE406BBCA01F138CB2E84A48B534
                                                                                                                                                                                                                                        SHA-512:BACD3F2298C1B2CD7BF41869A4EE5224A073E3E5503423CACA2EEC5388414264E32654427B030EF5BAAE1BA1D59B01F625ECB37D5046564B1C567685B590607E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):935264
                                                                                                                                                                                                                                        Entropy (8bit):5.739343016319503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vuk+yClbe6tAM5CLXe3KiONZx8rEOMdt2WaUk15:Vuk+yClbe6tAWCLXe3KiONZx8rEOMdtC
                                                                                                                                                                                                                                        MD5:CD2E0167F2E1092816F04BC174C13364
                                                                                                                                                                                                                                        SHA1:8015C003FDF94D5991902437D2E98AE2D7CBCCF3
                                                                                                                                                                                                                                        SHA-256:BFB062608229199430BD5F729FDE00147451C074775EE5BF0E2917F7B239DF96
                                                                                                                                                                                                                                        SHA-512:2F64D56F2DD6FF3F4C334540338AF223A9A05E50B58E988DE112712FE429698393B0ACC50CE61831E418B8D63E8029D47473777DC346135303B80AD753CCC4AB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73
                                                                                                                                                                                                                                        Entropy (8bit):3.1377695485602666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:66YvWCc1KSUtvnnSjjhgLSTLUU:61WCcJUdnShOSTLv
                                                                                                                                                                                                                                        MD5:D9229B2BF6EA93565EBBEB81459025C1
                                                                                                                                                                                                                                        SHA1:5B8AF056D1A853B73AC94903EDD1D6F167AF8D22
                                                                                                                                                                                                                                        SHA-256:F975168980DC06D1F64400C045F73E13E4E68AB8F350AA23304924461CCE1CB6
                                                                                                                                                                                                                                        SHA-512:AB8650D51B0606738001E70ACB28F18A7B3A89445BA64F1264908E6D9CC6A94FA93D7B35377E817A5DB98E8050C8C9942782DDCCCEB0C9795F3E05B5E9D4304C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:9.9.9.9..8.8.8.8..8.8.4.4..9.9.9.9..1.1.1.1..208.67.222.222...76.76.19.19
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):88
                                                                                                                                                                                                                                        Entropy (8bit):4.29560324974806
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:3FF+qg6H7RuRdP8xBHsWNxr2Ny7F/xn:3FF+qwkrHTNENy7b
                                                                                                                                                                                                                                        MD5:011B252F8D3ECB0CE77AEEE6449B4EF4
                                                                                                                                                                                                                                        SHA1:E51AB7C1F48417558547EFE5716E72E91890B06D
                                                                                                                                                                                                                                        SHA-256:F22BD376D83E21F0B65FC01785DEF3FE0820391FFCD60931E3BD97219C3718EE
                                                                                                                                                                                                                                        SHA-512:C706DAC3A57A73FE8227809A2258C34BAC7FE14BD5F577A130F91427CB58F440A60BC31AE11A3ADE586AB577BE5735F4D28B17EDB1EEE7051B856F9A676315EE
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{.. "{E3B92EAA-F5C7-47F8-A487-F466F42035A1}": {.. "DNS": "1.1.1.1".. }..}..
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                        Size (bytes):411
                                                                                                                                                                                                                                        Entropy (8bit):5.151362079756542
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12:Ea3fuk5a3eEX8/YtDabCPEXGabCPEXfWGaHdB5:E6N9E90CPEW0CPEOGo
                                                                                                                                                                                                                                        MD5:9109B088105027D3B01D905856B14FB9
                                                                                                                                                                                                                                        SHA1:F1A2AAE3ADFB3C0DA294CDA4D969B0AB219DC1CC
                                                                                                                                                                                                                                        SHA-256:9C65AF7BC49223485C4BD616667C5CA0A084EECF2AB1D26F509AF757BA66ADBC
                                                                                                                                                                                                                                        SHA-512:B667AA6D7C57970D589DE8406B8E274550DC69A8D22CA5171919D84D2BA9D5076688FF1AB17D8397B7AE88E258D3A03A2628EC8711B990CF25623AFE59AE13A0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:.2024-12-08 20:47:37.656 INFO [420] [ServiceManager::install@56] service installed..2024-12-08 20:47:37.656 INFO [420] [dns::Service::atExitHandler@270] Unset rounting..2024-12-08 20:47:37.753 INFO [420] [dns::Service::atExitHandler@277] Close connections..2024-12-08 20:47:37.753 INFO [420] [dns::Service::atExitHandler@281] ending log.....2024-12-08 20:47:37.755 INFO [420] [FlushDNS@90] dns flush OK..
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):606787
                                                                                                                                                                                                                                        Entropy (8bit):4.668560467537094
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:HaIuKZtkTXUADkztyIpyK9S/q3akn/iJmUx1GZB54PEY1zWijfXOEUsKPNA13KBc:DsrsyI4NmUmv54wijfe9vRBMOcsBz6
                                                                                                                                                                                                                                        MD5:E9AF723FF026FBE7DDC3ED9E5DEB3AEA
                                                                                                                                                                                                                                        SHA1:0460A616175275463CD007A7C040F72B4DABD705
                                                                                                                                                                                                                                        SHA-256:A318118C8016B29C4B14D4780E19F0E20CA3C7C5FEA6985CAB27C3C13476E830
                                                                                                                                                                                                                                        SHA-512:CFF50D8618CEBD59C3F83CAF00DDFC3CCAB5EC548BA4EBEEF7E27E35EBEFAF5DEF4A78C3F08F33A532ED8852147DD7330596F7341DFAD3697428D58DE1307D32
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1056575
                                                                                                                                                                                                                                        Entropy (8bit):4.782467262964209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:zm5eVEzDtB/fKGUu1GlEHh1pfRH+NYnlqxqiiiNtWl:zm5eVwtB/Shu1GaHh1hRHgYlOiii
                                                                                                                                                                                                                                        MD5:C7183C7E129894D2634E14D86C2C9D94
                                                                                                                                                                                                                                        SHA1:40A97A2D57DACCD4AE455958BE3F0C44AEF12521
                                                                                                                                                                                                                                        SHA-256:1C288BD7A4BF7BF322F3C2949F65AF3302019E93E7F92F211955A15C666A4A8B
                                                                                                                                                                                                                                        SHA-512:56A1ADD9DE07EB49DE8440F00772B211E382DC244A5CD9D5D4C7AE73CF56ABDB2E76F3CDB1D81CC8D2CD0E21616844F20C9E24C9F3B21A46307C983A455B5E8B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1102
                                                                                                                                                                                                                                        Entropy (8bit):4.467164572963932
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:uB6OfZTJ0CxnkvrmypKInHqKzbOZbmbLuR3ANReT2BjKFZkRk8U1nU/:uB6OfZTJH2pKIHqKzb9EwzI2Bj9ye/
                                                                                                                                                                                                                                        MD5:77DD5641262B818BA948AF3EF3097DA3
                                                                                                                                                                                                                                        SHA1:BB88CCDA009DEA6E08257E9B5E7105495A0F83F7
                                                                                                                                                                                                                                        SHA-256:90F5BB71EA443B80915CC42EA2BD5D2119615453B1BE29DF50038DB0F26EC980
                                                                                                                                                                                                                                        SHA-512:5B65370A35A6338AE2892B2473BDA8CB76D7E32146FF6DFD9FF73284CF49576A9A96AB0BFF44C485E03C32AB39320630F83CA9B4E83610009269EB38C47F3C18
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):558613
                                                                                                                                                                                                                                        Entropy (8bit):4.499313042385825
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Hxuq5v1CmT+7sghV0a5PClcz/1Wipp5Nx3XvjGK059AXXn+q3NV:HxxCmT+7sgh2aLz1f1F07oNV
                                                                                                                                                                                                                                        MD5:1786ACAA33EE7CCBB63F9E13212737F8
                                                                                                                                                                                                                                        SHA1:9E015187741C56DDCC0BFCECFCD4EF76E15745E8
                                                                                                                                                                                                                                        SHA-256:9447C30FE7F84885F72090A4C7E1023B59C061ABA472C765D655E6468AC8ADF8
                                                                                                                                                                                                                                        SHA-512:86C1E656BD361AF6A878961232E1F87C55299CB2E1440814B59B3A4FCB94C3706A93399BD173F7387BC4A8516D3188E116B5F95DA1C6D70EB5302C65846B796C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):134848
                                                                                                                                                                                                                                        Entropy (8bit):4.8453043441882775
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:RqJL6KX06/fF+GjjtTDf6y4ocucx9rnj0wwnGLj150voBptAQYM1vBNLdjscS/E6:4FXjjtT76LFwGV50gBLNj6/gqhXz
                                                                                                                                                                                                                                        MD5:B409CD61ED5EFC3CF83D91DE62E13215
                                                                                                                                                                                                                                        SHA1:9A68FE9F9E7B2E83CA7186CA640763D57FEC614C
                                                                                                                                                                                                                                        SHA-256:6EF3122BF7B8CB56E7B4C03E85B900BFFFCFEF9CE3500051CB99CBC084F46F5A
                                                                                                                                                                                                                                        SHA-512:E57EE84CBD2689738FB062F102D34EE83D4DF3363E65CF60218EA2D80DAB8CF2C4AFFB62146C98B7E3E5BB7E09314DB15F251EB661DBB53A743660AEF3BE4EEA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29
                                                                                                                                                                                                                                        Entropy (8bit):3.82783261647491
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:X+6tV5tox:1btox
                                                                                                                                                                                                                                        MD5:4E2A597F1C4A5704EF9D7485742D96CD
                                                                                                                                                                                                                                        SHA1:8E581E8121F626553A6CBDF898ABEC74EFE5BD08
                                                                                                                                                                                                                                        SHA-256:51D2CAA84906843C68657A73CC24F515042A9F96F77B56D414E1DF225F6981D3
                                                                                                                                                                                                                                        SHA-512:182C8FC8C47057BE92E07C21DF091E3DF14AA30224DF2D978264A77B4E05A1EC341B8A89C37D7153AD41DF66FAB869DD398C7B8E0B2B24DE3F73C6201063512D
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Mon, 01 Aug 2022 16:14:05 GMT
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1056575
                                                                                                                                                                                                                                        Entropy (8bit):4.782467262964209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:zm5eVEzDtB/fKGUu1GlEHh1pfRH+NYnlqxqiiiNtWl:zm5eVwtB/Shu1GaHh1hRHgYlOiii
                                                                                                                                                                                                                                        MD5:C7183C7E129894D2634E14D86C2C9D94
                                                                                                                                                                                                                                        SHA1:40A97A2D57DACCD4AE455958BE3F0C44AEF12521
                                                                                                                                                                                                                                        SHA-256:1C288BD7A4BF7BF322F3C2949F65AF3302019E93E7F92F211955A15C666A4A8B
                                                                                                                                                                                                                                        SHA-512:56A1ADD9DE07EB49DE8440F00772B211E382DC244A5CD9D5D4C7AE73CF56ABDB2E76F3CDB1D81CC8D2CD0E21616844F20C9E24C9F3B21A46307C983A455B5E8B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):130921
                                                                                                                                                                                                                                        Entropy (8bit):4.854964605740121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:i0XU4NJMlLcWT4outY6fVnr6Jph2Iglhf6gjsspylSXHHxH/n0udLQqOWYbKOJ3w:5WMoutYIVxiggTlSXHBMWNOF1nP6
                                                                                                                                                                                                                                        MD5:BA1435F50EB74C8A1AD64A75EB9D478B
                                                                                                                                                                                                                                        SHA1:70EF49A54615637DB396DDDE8FB011BD62AF1E4C
                                                                                                                                                                                                                                        SHA-256:5A718BC1916D74A426905484022551FA3EC4DA678B0B1126F1D5CF674B42054D
                                                                                                                                                                                                                                        SHA-512:D73240E16152DE66C5BD20A270528AC93D66D14E7458E753254767C37C7B292197E0FD1E3C4B4B44D91BF720C038D2DF294B1AE1A5884DDA45D4955B248FE9E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1056575
                                                                                                                                                                                                                                        Entropy (8bit):4.782467262964209
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:zm5eVEzDtB/fKGUu1GlEHh1pfRH+NYnlqxqiiiNtWl:zm5eVwtB/Shu1GaHh1hRHgYlOiii
                                                                                                                                                                                                                                        MD5:C7183C7E129894D2634E14D86C2C9D94
                                                                                                                                                                                                                                        SHA1:40A97A2D57DACCD4AE455958BE3F0C44AEF12521
                                                                                                                                                                                                                                        SHA-256:1C288BD7A4BF7BF322F3C2949F65AF3302019E93E7F92F211955A15C666A4A8B
                                                                                                                                                                                                                                        SHA-512:56A1ADD9DE07EB49DE8440F00772B211E382DC244A5CD9D5D4C7AE73CF56ABDB2E76F3CDB1D81CC8D2CD0E21616844F20C9E24C9F3B21A46307C983A455B5E8B
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):130921
                                                                                                                                                                                                                                        Entropy (8bit):4.854964605740121
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:i0XU4NJMlLcWT4outY6fVnr6Jph2Iglhf6gjsspylSXHHxH/n0udLQqOWYbKOJ3w:5WMoutYIVxiggTlSXHBMWNOF1nP6
                                                                                                                                                                                                                                        MD5:BA1435F50EB74C8A1AD64A75EB9D478B
                                                                                                                                                                                                                                        SHA1:70EF49A54615637DB396DDDE8FB011BD62AF1E4C
                                                                                                                                                                                                                                        SHA-256:5A718BC1916D74A426905484022551FA3EC4DA678B0B1126F1D5CF674B42054D
                                                                                                                                                                                                                                        SHA-512:D73240E16152DE66C5BD20A270528AC93D66D14E7458E753254767C37C7B292197E0FD1E3C4B4B44D91BF720C038D2DF294B1AE1A5884DDA45D4955B248FE9E5
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):98144
                                                                                                                                                                                                                                        Entropy (8bit):6.191480094314726
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:wbQZwEgZDf4mkpxHAnFce6KBE1BLt35pEXOy36E7If1:wbQZwENKE1BCXOG6EMN
                                                                                                                                                                                                                                        MD5:DC6723D0C1C83F6FA274D65D65A47962
                                                                                                                                                                                                                                        SHA1:4F5147E4808EA4E7BE6F6648F91089ED98FF3120
                                                                                                                                                                                                                                        SHA-256:2E27187FCD3E1216D20EFAB042151F4EDBDC10D8CC3C2ADF330C0B64EBB8CEA0
                                                                                                                                                                                                                                        SHA-512:25464806174C060C4FAAA23458F59D5F47D953232713238A7077F387FAC97DD15DD8DCB34632131176341AE8E046D0320ED8EF87782322D623ED1F388A5E142D
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):41824
                                                                                                                                                                                                                                        Entropy (8bit):6.383810378377154
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:768:5MoM+9NiHTCNEAsogABab34C5EXGiWwxu5YicVqeEO:X9NizCNEAso/MMAiJ27ts
                                                                                                                                                                                                                                        MD5:61E336DD16128398B546C70439C2BD3F
                                                                                                                                                                                                                                        SHA1:4BB959D12C1184D64D439B3C21FFE8C4AD5CA5AE
                                                                                                                                                                                                                                        SHA-256:4F5160AF8F4AA67F76613924280FB16DA450C97EB657C871D9E42EC8A613ACF1
                                                                                                                                                                                                                                        SHA-512:3506DF990FDFF07090D2F88A3AA56B8EA621DC412294B165DEE532F7BBF40C4B00268F55A188E599DF0D0D8151A644205104689716EBC78F40C83DAB6A61A9E3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1012576
                                                                                                                                                                                                                                        Entropy (8bit):6.448982788137045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:MgVfxCIGEvc9iDM/n+h7YKMEw+WobpLe2DF+0aA:zfkIVc98O+HDdlj
                                                                                                                                                                                                                                        MD5:8B7ACF836560A8E41423F1BB60A3B308
                                                                                                                                                                                                                                        SHA1:3DBCA75DDD19E447747865E227D456D7B0694281
                                                                                                                                                                                                                                        SHA-256:C2E049E90D23B692D1A01CA88D6D95C88B9C6D8CF0257314AE749C0C55906692
                                                                                                                                                                                                                                        SHA-512:49F75A2C9E18865A55FBA824B777D0D418136A736D41DB864AF4D46571F5F285A60EFB3AEF24D129F50D2A23D3C78F6329545BC5B76C07073879DE0CB19FB0CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):5698400
                                                                                                                                                                                                                                        Entropy (8bit):6.86709584119763
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:WX+OsTkgpXFZgsWBTqYkn4Y5zLSz1VjOB5:QtGkgpVZgZ3OB5
                                                                                                                                                                                                                                        MD5:C7119E2A05DB13F4888321D28E215C07
                                                                                                                                                                                                                                        SHA1:2040CF5A97A671E18AEE7BBD78A9DCE70235F8AB
                                                                                                                                                                                                                                        SHA-256:B10D464D5B329829A6EC5C5BCA79D9E5E5614448BC8763CC51230A3B778B644B
                                                                                                                                                                                                                                        SHA-512:60CC31C7D054620AD2002F00D16E58728EB941AE9A8AD492D21207E916CE3E1CC4E16E9C130A084939D35EA6F2FBF9E2D5AD89F5DC31407C1E43C70A0974478A
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3137376
                                                                                                                                                                                                                                        Entropy (8bit):6.363796358990638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:pdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg333yp:aHDYsqiPRhINnq95FoHVBg333Y
                                                                                                                                                                                                                                        MD5:1228C03BA840482EAC14E25B727F65B5
                                                                                                                                                                                                                                        SHA1:EAA92BE989FF71DC2B7CF090B2A8183A3C44E655
                                                                                                                                                                                                                                        SHA-256:A048CCBD5797616ED03EA8C13DDEA2EC868E0EA22ECC6F475BF7E3BA42AA77B7
                                                                                                                                                                                                                                        SHA-512:77E874DC88B428C43A72ED8AB9E00E98872E9B47C4AD18F35019AA26C89DE909448D5EC83A289ED87D8DDBEA6E9515C5932973CF54EA3F535D7F2E11BC2318BB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3175264
                                                                                                                                                                                                                                        Entropy (8bit):6.687389262385987
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:YGtlqcUVwASO9CIU6ippiZ9Ky1X8TrqvwwoIUvKqHhI08eLo5dnmPLpqI+5:Ul+zdsowKI7eL2n4pk
                                                                                                                                                                                                                                        MD5:97A08C6366F4589739209FDB43B4B3EC
                                                                                                                                                                                                                                        SHA1:56B57F33D510DE026207A8B37EA93DB8447A11B8
                                                                                                                                                                                                                                        SHA-256:5D15B23E628BE6147EA04DF302B5A06CEB8420B3BFC41872E2F90B0511BC11B1
                                                                                                                                                                                                                                        SHA-512:D83E83D3C252622B13004C60BED56653C284462240553D12DFD22989FA2FDC34A06DC8B388F1FE2ADED478542299356AAEFC2E4691E8DB396BCF7A9E65AF94B1
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):392544
                                                                                                                                                                                                                                        Entropy (8bit):6.392202471387465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Qg6AG6Lw9ZpC5UB8vJLGdT3mfw6sJLt7fO0:qAU9XCSB8vJyhO+y0
                                                                                                                                                                                                                                        MD5:7675D174DEFF6164ADF6C2B128756968
                                                                                                                                                                                                                                        SHA1:F27566E328E2B7ACC9ED76BE94282C036CA089E7
                                                                                                                                                                                                                                        SHA-256:BBE6B2713FFE2FAED6EA3401A9C041A7D1D0D3D4EDB65593C7220A6EC27AC513
                                                                                                                                                                                                                                        SHA-512:46AFC967C88D15682024869602F8D3A15319AEBF47E6FCDD90F36A641238F1BF61DFAC275539B1CAA002A43BED6CBAC3CACA3DAF588FF7C201DF23498400ECEC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):391520
                                                                                                                                                                                                                                        Entropy (8bit):6.693470744878328
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:xnKUo3rRWseDqLDApS/uCFe0Rs+M3XdtzaOmqqDTzuU7KLn/kG:xebRWseDyDApcul37ndpaSqnzHKLF
                                                                                                                                                                                                                                        MD5:0D49F321FD21B3995642CB9191D24840
                                                                                                                                                                                                                                        SHA1:D12C248402C50820DCC86CF6D662390859611993
                                                                                                                                                                                                                                        SHA-256:C6A88064B6C238B01933D01877AD751EF6441406FCAC52706E7192998CC25D3B
                                                                                                                                                                                                                                        SHA-512:30F7FE44FA0976EED807AD0CBD9694A8D68E5E53834AED3476631BEFBECF5BD0E86D70A2977F8C11707CB587481DBE9520839C1E5C9C71FF7A7E17B3F32097B9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):2417504
                                                                                                                                                                                                                                        Entropy (8bit):6.36658437034444
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:qH8QFfUXSCGWF5VXZXxPwp5ZvksudhrwOf65IAo8/:ejBCj57hPwHisuko8/
                                                                                                                                                                                                                                        MD5:E167DFD4BB292D7837F3C15BC8F6F7A1
                                                                                                                                                                                                                                        SHA1:D56A8B15F1DA113AFDA580F5B4271354BB8FA574
                                                                                                                                                                                                                                        SHA-256:1F64E24BB019F60755215E3AD1EFD30926E1FEBE497F029A69B83CEDCB0DAC49
                                                                                                                                                                                                                                        SHA-512:CBD5DA6AD4CD5682163B9035AF56A0CA95773CD2902D7CBCEF37A8C950D3A4B7DF6B79864305E449DDA47E48F1D4514C48DA18FB2A99334269DEEAF935947F35
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4443488
                                                                                                                                                                                                                                        Entropy (8bit):5.656987032242036
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:mTOSa9v4YPz6C4B6D83iGxZJgfABQm8202SboE:V473GwE
                                                                                                                                                                                                                                        MD5:CF0CC8A0A5B4784E2A2AC65A46B85659
                                                                                                                                                                                                                                        SHA1:7C861EB3221B0A931F80AE919523AB549E59F61C
                                                                                                                                                                                                                                        SHA-256:B6E905DEC17037E60465186902D25D7891DE3105F8A35E9298438275C7D19702
                                                                                                                                                                                                                                        SHA-512:FD1E6349D2001BA1EAA8B05CEDB87AF604CFA48B159E9D045AE4E2D709303241FFDE622C104CB446E49C15CDA0E81AAB3CC9243A00B1143662AF9DBE9FEAD6C9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29278048
                                                                                                                                                                                                                                        Entropy (8bit):5.898886715247607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:bR0KDcKMMk72vv6wHMHYqUpXAzs0kPEIp9UCaMsxxK5oXsuHMBc6MC1CdsCMXCcE:uKBHMHYPZ/E29UIyH
                                                                                                                                                                                                                                        MD5:BB9C8F144E96DAF17E975B064ACD5908
                                                                                                                                                                                                                                        SHA1:95CE8619B94D8C8227767FDE2B79C7F695FE7183
                                                                                                                                                                                                                                        SHA-256:8EC1103A01B9086A0BFEC68201071905F2BA29567E672976EDF0179869DB624A
                                                                                                                                                                                                                                        SHA-512:423E21F91B7A7330CA38190ED9BC70596C944E129C89C77FFC83FD4F4A86460317ECD5E651212ADB4DB4E2804C5EF4D728FFD2D54922215452575DC1B21EC46B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3671392
                                                                                                                                                                                                                                        Entropy (8bit):6.451457824367643
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:ADV9q3112pbQUEI7Z1tIP8Zn0Hv3NsOuw2b9QDxg/1dfXGvply48q00b3hVPWlG2:cPHtovS3mldlslGBsN
                                                                                                                                                                                                                                        MD5:6BCBB964E1FE28513B22273F136A4B37
                                                                                                                                                                                                                                        SHA1:FDE4927B46BAC2340F65FE2811C2307C798E2398
                                                                                                                                                                                                                                        SHA-256:10C027BDD8008AD62C7E3AB5ABD92D2573BB9474A9EA8FFEB218B43A2EFAAB09
                                                                                                                                                                                                                                        SHA-512:6E587FDA68BC9E9683F2BECE39A5FF9357CCCD12EA1E3669F8D7C675479B476F482DE0E2FEA20E7A0F4FEC72ABDE7EC1B0BEFFA1EED79461ABD006427D182FED
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):935264
                                                                                                                                                                                                                                        Entropy (8bit):5.739343016319503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vuk+yClbe6tAM5CLXe3KiONZx8rEOMdt2WaUk15:Vuk+yClbe6tAWCLXe3KiONZx8rEOMdtC
                                                                                                                                                                                                                                        MD5:CD2E0167F2E1092816F04BC174C13364
                                                                                                                                                                                                                                        SHA1:8015C003FDF94D5991902437D2E98AE2D7CBCCF3
                                                                                                                                                                                                                                        SHA-256:BFB062608229199430BD5F729FDE00147451C074775EE5BF0E2917F7B239DF96
                                                                                                                                                                                                                                        SHA-512:2F64D56F2DD6FF3F4C334540338AF223A9A05E50B58E988DE112712FE429698393B0ACC50CE61831E418B8D63E8029D47473777DC346135303B80AD753CCC4AB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15655776
                                                                                                                                                                                                                                        Entropy (8bit):6.686365412449452
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:4QxPPanEiawYfXOhiLF9T+v4lX2KufhD0bJBFR8DTDi:4CPCnEiawYPOYj+v4lX2KufhD0bzUXi
                                                                                                                                                                                                                                        MD5:D5241D5332B49E7D37560FC5C07C554A
                                                                                                                                                                                                                                        SHA1:C8A379B5BA60DED30A67E6A44A5CD9CB4C1FFD3B
                                                                                                                                                                                                                                        SHA-256:0585F98440BA62A37FB4C571E1E18ADDA72E0409BDD3670387FE46BFB8599694
                                                                                                                                                                                                                                        SHA-512:EEC95C32588BB06E6DDE242C55FB616FF3732C7668ED6E8AA0F7CF24A5F70880DD34E26D29C53C7DBB87DA3CB037190922FA44A647C8E8BB4E30B5D65B3287CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1888608
                                                                                                                                                                                                                                        Entropy (8bit):6.5856043964252216
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:YTMAY7B/seDVOiqc4l5VklP5N4yS4dy7jIL8:YAseDVOxyqfIL8
                                                                                                                                                                                                                                        MD5:B4110EBAC0EE2DB8D636C98E311D4DFB
                                                                                                                                                                                                                                        SHA1:98A4D53EAF3172C4583473E56FABC097021FE68B
                                                                                                                                                                                                                                        SHA-256:001C17F8E35EF7E887E3F52D4DD9EA38227ADE406BBCA01F138CB2E84A48B534
                                                                                                                                                                                                                                        SHA-512:BACD3F2298C1B2CD7BF41869A4EE5224A073E3E5503423CACA2EEC5388414264E32654427B030EF5BAAE1BA1D59B01F625ECB37D5046564B1C567685B590607E
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18941360
                                                                                                                                                                                                                                        Entropy (8bit):6.353760399513098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:u2rH21B1ltLp9fVo3AP09wl54vwiHH8OcDNbQ+z+1kQKL7ELQQNJfdAja11M:A1pjo3APdUIZHBQ2QKLue
                                                                                                                                                                                                                                        MD5:53363402E20D8F4C8A4067681AC18A06
                                                                                                                                                                                                                                        SHA1:52280AD80131A99F5AF97E6AE03A2FACA9F15699
                                                                                                                                                                                                                                        SHA-256:291136C76A0DAC005C72D4D1E280C7DCE383EFA3D3C31D7CD229D203CE835750
                                                                                                                                                                                                                                        SHA-512:4FA21396CB55B45CC97D54B0589265602DAFC0615E43AF1A7012DE7F436866B9DC527DB50F2B1E8A6153A7BB25C704C8D23ABEE47702FE5590011C4185CF1DF3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3137376
                                                                                                                                                                                                                                        Entropy (8bit):6.363796358990638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:pdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg333yp:aHDYsqiPRhINnq95FoHVBg333Y
                                                                                                                                                                                                                                        MD5:1228C03BA840482EAC14E25B727F65B5
                                                                                                                                                                                                                                        SHA1:EAA92BE989FF71DC2B7CF090B2A8183A3C44E655
                                                                                                                                                                                                                                        SHA-256:A048CCBD5797616ED03EA8C13DDEA2EC868E0EA22ECC6F475BF7E3BA42AA77B7
                                                                                                                                                                                                                                        SHA-512:77E874DC88B428C43A72ED8AB9E00E98872E9B47C4AD18F35019AA26C89DE909448D5EC83A289ED87D8DDBEA6E9515C5932973CF54EA3F535D7F2E11BC2318BB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):899424
                                                                                                                                                                                                                                        Entropy (8bit):6.4356239735232466
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:q0TQMH6umv56EWg/L/A2eJAUS1m7JodWEfz:LauK6E1rq5SktZK
                                                                                                                                                                                                                                        MD5:79CAE1118A31818AF31B388EE4808A1B
                                                                                                                                                                                                                                        SHA1:9054393F36900CA638A6F58C31F6ED8B5E08FFB4
                                                                                                                                                                                                                                        SHA-256:8D8770FD885E0BB8A28FC96F31209F05D6B4DB9B4036666BD5500D13B2FAEB84
                                                                                                                                                                                                                                        SHA-512:0E320CBA17C28BEDC5BCD603C462BEA62D658CA1AA6D8C954D1B68AE8597B8631ED20AA8754139702AE41D970458F681D4417C3CAAA6E4E52A7DDE4AEB6538DC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):935264
                                                                                                                                                                                                                                        Entropy (8bit):5.739343016319503
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:Vuk+yClbe6tAM5CLXe3KiONZx8rEOMdt2WaUk15:Vuk+yClbe6tAWCLXe3KiONZx8rEOMdtC
                                                                                                                                                                                                                                        MD5:CD2E0167F2E1092816F04BC174C13364
                                                                                                                                                                                                                                        SHA1:8015C003FDF94D5991902437D2E98AE2D7CBCCF3
                                                                                                                                                                                                                                        SHA-256:BFB062608229199430BD5F729FDE00147451C074775EE5BF0E2917F7B239DF96
                                                                                                                                                                                                                                        SHA-512:2F64D56F2DD6FF3F4C334540338AF223A9A05E50B58E988DE112712FE429698393B0ACC50CE61831E418B8D63E8029D47473777DC346135303B80AD753CCC4AB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):73
                                                                                                                                                                                                                                        Entropy (8bit):3.1377695485602666
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:66YvWCc1KSUtvnnSjjhgLSTLUU:61WCcJUdnShOSTLv
                                                                                                                                                                                                                                        MD5:D9229B2BF6EA93565EBBEB81459025C1
                                                                                                                                                                                                                                        SHA1:5B8AF056D1A853B73AC94903EDD1D6F167AF8D22
                                                                                                                                                                                                                                        SHA-256:F975168980DC06D1F64400C045F73E13E4E68AB8F350AA23304924461CCE1CB6
                                                                                                                                                                                                                                        SHA-512:AB8650D51B0606738001E70ACB28F18A7B3A89445BA64F1264908E6D9CC6A94FA93D7B35377E817A5DB98E8050C8C9942782DDCCCEB0C9795F3E05B5E9D4304C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:9.9.9.9..8.8.8.8..8.8.4.4..9.9.9.9..1.1.1.1..208.67.222.222...76.76.19.19
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):140128
                                                                                                                                                                                                                                        Entropy (8bit):6.112789273542535
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3072:HFEflWr8nVIX4dpaJ0gS/CZB/sImp3eqD6fNEmOzWt0DOCYmihNA7P8LA9WhdCm:HFEflWr8nVImF/LesVzWt0yML70U0x
                                                                                                                                                                                                                                        MD5:7642760AA3F3191BECC621EE0402B4B6
                                                                                                                                                                                                                                        SHA1:06E1173A937D78B038B615893D22869B8DABB6FB
                                                                                                                                                                                                                                        SHA-256:4C6F3AC24C784B3F50BC831AB3B583E70DCB842C09A25A352DCB8634377AB891
                                                                                                                                                                                                                                        SHA-512:8162600149168AC6CA76987696B612DB521679B3A2EFBD0D1DEE87DF180C60043DFE75DD58A5F63B3D854644C666FF9A73718B9DF8E678A995B4CC0B68BB7760
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):29278048
                                                                                                                                                                                                                                        Entropy (8bit):5.898886715247607
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24576:bR0KDcKMMk72vv6wHMHYqUpXAzs0kPEIp9UCaMsxxK5oXsuHMBc6MC1CdsCMXCcE:uKBHMHYPZ/E29UIyH
                                                                                                                                                                                                                                        MD5:BB9C8F144E96DAF17E975B064ACD5908
                                                                                                                                                                                                                                        SHA1:95CE8619B94D8C8227767FDE2B79C7F695FE7183
                                                                                                                                                                                                                                        SHA-256:8EC1103A01B9086A0BFEC68201071905F2BA29567E672976EDF0179869DB624A
                                                                                                                                                                                                                                        SHA-512:423E21F91B7A7330CA38190ED9BC70596C944E129C89C77FFC83FD4F4A86460317ECD5E651212ADB4DB4E2804C5EF4D728FFD2D54922215452575DC1B21EC46B
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):392544
                                                                                                                                                                                                                                        Entropy (8bit):6.392202471387465
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:Qg6AG6Lw9ZpC5UB8vJLGdT3mfw6sJLt7fO0:qAU9XCSB8vJyhO+y0
                                                                                                                                                                                                                                        MD5:7675D174DEFF6164ADF6C2B128756968
                                                                                                                                                                                                                                        SHA1:F27566E328E2B7ACC9ED76BE94282C036CA089E7
                                                                                                                                                                                                                                        SHA-256:BBE6B2713FFE2FAED6EA3401A9C041A7D1D0D3D4EDB65593C7220A6EC27AC513
                                                                                                                                                                                                                                        SHA-512:46AFC967C88D15682024869602F8D3A15319AEBF47E6FCDD90F36A641238F1BF61DFAC275539B1CAA002A43BED6CBAC3CACA3DAF588FF7C201DF23498400ECEC
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):1012576
                                                                                                                                                                                                                                        Entropy (8bit):6.448982788137045
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:12288:MgVfxCIGEvc9iDM/n+h7YKMEw+WobpLe2DF+0aA:zfkIVc98O+HDdlj
                                                                                                                                                                                                                                        MD5:8B7ACF836560A8E41423F1BB60A3B308
                                                                                                                                                                                                                                        SHA1:3DBCA75DDD19E447747865E227D456D7B0694281
                                                                                                                                                                                                                                        SHA-256:C2E049E90D23B692D1A01CA88D6D95C88B9C6D8CF0257314AE749C0C55906692
                                                                                                                                                                                                                                        SHA-512:49F75A2C9E18865A55FBA824B777D0D418136A736D41DB864AF4D46571F5F285A60EFB3AEF24D129F50D2A23D3C78F6329545BC5B76C07073879DE0CB19FB0CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):4443488
                                                                                                                                                                                                                                        Entropy (8bit):5.656987032242036
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:6144:mTOSa9v4YPz6C4B6D83iGxZJgfABQm8202SboE:V473GwE
                                                                                                                                                                                                                                        MD5:CF0CC8A0A5B4784E2A2AC65A46B85659
                                                                                                                                                                                                                                        SHA1:7C861EB3221B0A931F80AE919523AB549E59F61C
                                                                                                                                                                                                                                        SHA-256:B6E905DEC17037E60465186902D25D7891DE3105F8A35E9298438275C7D19702
                                                                                                                                                                                                                                        SHA-512:FD1E6349D2001BA1EAA8B05CEDB87AF604CFA48B159E9D045AE4E2D709303241FFDE622C104CB446E49C15CDA0E81AAB3CC9243A00B1143662AF9DBE9FEAD6C9
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):15655776
                                                                                                                                                                                                                                        Entropy (8bit):6.686365412449452
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:196608:4QxPPanEiawYfXOhiLF9T+v4lX2KufhD0bJBFR8DTDi:4CPCnEiawYPOYj+v4lX2KufhD0bzUXi
                                                                                                                                                                                                                                        MD5:D5241D5332B49E7D37560FC5C07C554A
                                                                                                                                                                                                                                        SHA1:C8A379B5BA60DED30A67E6A44A5CD9CB4C1FFD3B
                                                                                                                                                                                                                                        SHA-256:0585F98440BA62A37FB4C571E1E18ADDA72E0409BDD3670387FE46BFB8599694
                                                                                                                                                                                                                                        SHA-512:EEC95C32588BB06E6DDE242C55FB616FF3732C7668ED6E8AA0F7CF24A5F70880DD34E26D29C53C7DBB87DA3CB037190922FA44A647C8E8BB4E30B5D65B3287CD
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):18941360
                                                                                                                                                                                                                                        Entropy (8bit):6.353760399513098
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:98304:u2rH21B1ltLp9fVo3AP09wl54vwiHH8OcDNbQ+z+1kQKL7ELQQNJfdAja11M:A1pjo3APdUIZHBQ2QKLue
                                                                                                                                                                                                                                        MD5:53363402E20D8F4C8A4067681AC18A06
                                                                                                                                                                                                                                        SHA1:52280AD80131A99F5AF97E6AE03A2FACA9F15699
                                                                                                                                                                                                                                        SHA-256:291136C76A0DAC005C72D4D1E280C7DCE383EFA3D3C31D7CD229D203CE835750
                                                                                                                                                                                                                                        SHA-512:4FA21396CB55B45CC97D54B0589265602DAFC0615E43AF1A7012DE7F436866B9DC527DB50F2B1E8A6153A7BB25C704C8D23ABEE47702FE5590011C4185CF1DF3
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....#.b....?.....& ... .ta..x......0........................................P......U.!...`... ......................................p...........$..................P. .`/.....T........................... .~.(...................h................................text...xsa......ta.................`.p`.data....O....a..V...za.............@.`..rdata..(.....a.......a.............@..@.pdata..............................@.0@.xdata..............................@.@@.bss....p....P........................`..edata.......p.......8..............@.0@.idata...$.......&...:..............@.0..CRT.................`..............@.@..tls.................b..............@.@..reloc..T...........d..............@.0B/4......`............~..............@..B/19.....=...........................@..B/35..................@..............@..B/51.....7...........B..............@..B/63.....
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:InnoSetup Log 64-bit Adblock {bf5b0da9-8494-48d2-811b-39ea7a64d8e0}, version 0x418, 62000 bytes, 680718\37\user\376, C:\Users\user\Programs\Adblock\376\377\37
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):62000
                                                                                                                                                                                                                                        Entropy (8bit):3.9402683804812066
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:1536:E2xkF629k87aZFukzPYzVz1ikhW84qDnRLRLR+RaRIRYHcX:1Mk87aZFuBikI84qq
                                                                                                                                                                                                                                        MD5:709B540A33E43E020270E07677C4FCD9
                                                                                                                                                                                                                                        SHA1:07B3CB0C7053AC4A1A5B2596C8E7D853428C97D4
                                                                                                                                                                                                                                        SHA-256:57CF43282306BC2893EFFECF135CD1B45DFE4F4F8FA94E7A8DFAF71BD3136F8F
                                                                                                                                                                                                                                        SHA-512:631023B13B54D223885967BC0354E98C25228B3F1BC89750529C23F3D37C8DB40D307E777286D6501009BBD264870DF31817641499D8EE2E474300CBF06B5FF0
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Inno Setup Uninstall Log (b) 64-bit.............................{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}..........................................................................................Adblock.............................................................................................................................%...0...................................................................................................................`ux...................y........6.8.0.7.1.8......j.o.n.e.s......C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.P.r.o.g.r.a.m.s.\.A.d.b.l.o.c.k....................... .....z.....,..IFPS....D........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TLABEL....TLABEL..............................F....IDISPATC
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):3137376
                                                                                                                                                                                                                                        Entropy (8bit):6.363796358990638
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:49152:pdx4HDQNJL0VR6SgMt+k4RiP+RmXMjiINiMq95FoHVHNTQTEjg333yp:aHDYsqiPRhINnq95FoHVBg333Y
                                                                                                                                                                                                                                        MD5:1228C03BA840482EAC14E25B727F65B5
                                                                                                                                                                                                                                        SHA1:EAA92BE989FF71DC2B7CF090B2A8183A3C44E655
                                                                                                                                                                                                                                        SHA-256:A048CCBD5797616ED03EA8C13DDEA2EC868E0EA22ECC6F475BF7E3BA42AA77B7
                                                                                                                                                                                                                                        SHA-512:77E874DC88B428C43A72ED8AB9E00E98872E9B47C4AD18F35019AA26C89DE909448D5EC83A289ED87D8DDBEA6E9515C5932973CF54EA3F535D7F2E11BC2318BB
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...oGXb.................B,..j......`V,......`,...@...........................0......0...@......@....................-.......-..9..................../.`/....................................-.......................-.......-......................text.....,.......,................. ..`.itext...(...0,..*....,............. ..`.data........`,......F,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-...... -.............@..@.rsrc................"-.............@..@..............1.......0.............@..@........................................................
                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):24637
                                                                                                                                                                                                                                        Entropy (8bit):3.2776142350670088
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:192:21Ej5CkHI3SCqsTr6CCPanAG1tznL7VF+Iqfc51UPYQDzDfbKJG/BwuQzWMo:21EdHXCHr6fSX+7Q1UPYQDzV/Bwu+o
                                                                                                                                                                                                                                        MD5:C96F6D08DF592FCF5FEBA3851DFBBA9B
                                                                                                                                                                                                                                        SHA1:DA9E62C834952E17292D4D72927BD4BA11066497
                                                                                                                                                                                                                                        SHA-256:FE7EC608450E388E75372979212B1BE6066D54F590562228142450AF31EC100F
                                                                                                                                                                                                                                        SHA-512:5471B8618A13DD940B0084A0FF4ED7832FB0006FAE92E70262846541FB82134FFB61E547006D21E57B961FC53525B11C730A031B301448072F31376A486FDB3C
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:Inno Setup Messages (6.0.0) (u)......................................_.......2'.C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.
                                                                                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):55
                                                                                                                                                                                                                                        Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                        Process:C:\Users\user\Programs\Adblock\DnsService.exe
                                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                        Size (bytes):856
                                                                                                                                                                                                                                        Entropy (8bit):4.714679240488559
                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                        SSDEEP:24:QWDZh+ragzMZfuMMs1L/JU5fFCkK8T1rTt0:vDZhyoZWM9rU5fFc1
                                                                                                                                                                                                                                        MD5:94FACB9C526910C822567C07EA8CB20A
                                                                                                                                                                                                                                        SHA1:2FD823E8537E4999417C23FDF0A6C0DC9629EA2B
                                                                                                                                                                                                                                        SHA-256:F80DF1873B678272E2D73300478C084C1AE37276EAE06AB76E6B04768DDBBD3F
                                                                                                                                                                                                                                        SHA-512:FE1380F819ABC4D9711ECCA23F0A50D4CC19F0FADB4B36DD9D58A231AA8ADDEE1F72CF901602D877FEAB2559FD83E86A690D692CE2823BB5B801DB2618E9E075
                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                        Preview:# Copyright (c) 1993-2009 Microsoft Corp...#..# This is a sample HOSTS file used by Microsoft TCP/IP for Windows...#..# This file contains the mappings of IP addresses to host names. Each..# entry should be kept on an individual line. The IP address should..# be placed in the first column followed by the corresponding host name...# The IP address and the host name should be separated by at least one..# space...#..# Additionally, comments (such as these) may be inserted on individual..# lines or following the machine name denoted by a '#' symbol...#..# For example:..#..# 102.54.94.97 rhino.acme.com # source server..# 38.25.63.10 x.acme.com # x client host....# localhost name resolution is handled within DNS itself...#.127.0.0.1 localhost..#.::1 localhost..131.107.255.255 dns.msftncsi.com
                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.996761295634944
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:Software_Tool.exe
                                                                                                                                                                                                                                        File size:16'489'120 bytes
                                                                                                                                                                                                                                        MD5:9af27765527617e9d75b5ee6b418c8d6
                                                                                                                                                                                                                                        SHA1:0e5f46cf55abe0746e8ddf5d7980ad0a5475e8e7
                                                                                                                                                                                                                                        SHA256:e92ee1bc7c053bfb6b65bfce216a97d3ba5fd4f09bf9fd4f530101a60bb19030
                                                                                                                                                                                                                                        SHA512:033ae6fea1be872fbc028aa9519f558f425076b906330f6dfa2d63e9dba04bfb7efdb583cff87c16a5e4ec2c29736540b8552ec754422ee05ee97788b095bd13
                                                                                                                                                                                                                                        SSDEEP:393216:Z0PLinS4HpWU4SmtWjNowTo81+AG94I/99kWFlX:Z0DinSdU4SmtFwTo81slyWv
                                                                                                                                                                                                                                        TLSH:58F6336BFB2D09BBD96F493B3C7203F4E0B9FD14ADD746092F64324614EA418E6B1642
                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8........PE..L.....GO.................t...z...B...8.....
                                                                                                                                                                                                                                        Icon Hash:83db696d6d71322c
                                                                                                                                                                                                                                        Entrypoint:0x4038af
                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x4F47E2E4 [Fri Feb 24 19:20:04 2012 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                        Import Hash:be41bf7b8cc010b614bd36bbca606973
                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        sub esp, 000002D4h
                                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                        xor ebp, ebp
                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                        mov dword ptr [esp+18h], ebp
                                                                                                                                                                                                                                        mov dword ptr [esp+10h], 0040A268h
                                                                                                                                                                                                                                        mov dword ptr [esp+14h], ebp
                                                                                                                                                                                                                                        call dword ptr [00409030h]
                                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                                        call dword ptr [004090B4h]
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        call dword ptr [004092C0h]
                                                                                                                                                                                                                                        push 00000008h
                                                                                                                                                                                                                                        mov dword ptr [0047EB98h], eax
                                                                                                                                                                                                                                        call 00007FCCE08564EBh
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push 000002B4h
                                                                                                                                                                                                                                        mov dword ptr [0047EAB0h], eax
                                                                                                                                                                                                                                        lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        push 0040A264h
                                                                                                                                                                                                                                        call dword ptr [00409184h]
                                                                                                                                                                                                                                        push 0040A24Ch
                                                                                                                                                                                                                                        push 00476AA0h
                                                                                                                                                                                                                                        call 00007FCCE08561CDh
                                                                                                                                                                                                                                        call dword ptr [004090B0h]
                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                        mov edi, 004CF0A0h
                                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                                        call 00007FCCE08561BBh
                                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                                        call dword ptr [00409134h]
                                                                                                                                                                                                                                        cmp word ptr [004CF0A0h], 0022h
                                                                                                                                                                                                                                        mov dword ptr [0047EAB8h], eax
                                                                                                                                                                                                                                        mov eax, edi
                                                                                                                                                                                                                                        jne 00007FCCE0853ABAh
                                                                                                                                                                                                                                        push 00000022h
                                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                                        mov eax, 004CF0A2h
                                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                        call 00007FCCE0855E91h
                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                        call dword ptr [00409260h]
                                                                                                                                                                                                                                        mov esi, eax
                                                                                                                                                                                                                                        mov dword ptr [esp+1Ch], esi
                                                                                                                                                                                                                                        jmp 00007FCCE0853B43h
                                                                                                                                                                                                                                        push 00000020h
                                                                                                                                                                                                                                        pop ebx
                                                                                                                                                                                                                                        cmp ax, bx
                                                                                                                                                                                                                                        jne 00007FCCE0853ABAh
                                                                                                                                                                                                                                        add esi, 02h
                                                                                                                                                                                                                                        cmp word ptr [esi], bx
                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                                                                        • [ C ] VS2010 SP1 build 40219
                                                                                                                                                                                                                                        • [RES] VS2010 SP1 build 40219
                                                                                                                                                                                                                                        • [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xac40 | 0xb4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x134000 | 0x177e0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x994 | .ndata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x2d0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x728c | 0x7400 | 419d4e1be1ac35a5db9c47f553b27cea | False | 0.6566540948275862 | data | 6.499708590628113 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x2b6e | 0x2c00 | cca1ca3fbf99570f6de9b43ce767f368 | False | 0.3678977272727273 | data | 4.497932535153822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc000 | 0x72b9c | 0x200 | 77f0839f8ebea31040e462523e1c770e | False | 0.279296875 | data | 1.8049406284608531 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7f000 | 0xb5000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x134000 | 0x177e0 | 0x17800 | 7f68520000e4f6591bcfc16df6852fd8 | False | 0.7646899933510638 | data | 6.847691710502146 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x14c000 | 0xfd6 | 0x1000 | e00c793b0c9b5f7134c5034eca9d6123 | False | 1.002685546875 | data | 7.900247061760603 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x134328 | 0xdf6f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9981643035717408
RT_ICON | 0x142298 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.3786608408124705
RT_ICON | 0x1464c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4186721991701245
RT_ICON | 0x148a68 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4847560975609756
RT_ICON | 0x149b10 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5405737704918033
RT_ICON | 0x14a498 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | English | United States | 0.5732558139534883
RT_ICON | 0x14ab50 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.600177304964539
RT_DIALOG | 0x14afb8 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x14b0b8 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x14b1d8 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x14b2a0 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x14b300 | 0x68 | data | English | United States | 0.7692307692307693
RT_VERSION | 0x14b368 | 0x18c | PGP symmetric key encrypted data - Plaintext or unencrypted data |  |  | 0.51010101010101
RT_MANIFEST | 0x14b4f8 | 0x2e1 | XML 1.0 document, ASCII text, with very long lines (737), with no line terminators | English | United States | 0.5630936227951153
DLL | Import
KERNEL32.dll | SetFileTime, CompareFileTime, SearchPathW, GetShortPathNameW, GetFullPathNameW, MoveFileW, SetCurrentDirectoryW, GetFileAttributesW, GetLastError, CreateDirectoryW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, ExitProcess, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, SetErrorMode, lstrcpynA, CloseHandle, lstrcpynW, GetDiskFreeSpaceW, GlobalUnlock, GlobalLock, CreateThread, LoadLibraryW, CreateProcessW, lstrcmpiA, CreateFileW, GetTempFileNameW, lstrcatW, GetProcAddress, LoadLibraryA, GetModuleHandleA, OpenProcess, lstrcpyW, GetVersionExW, GetSystemDirectoryW, GetVersion, lstrcpyA, RemoveDirectoryW, lstrcmpA, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GlobalFree, GetModuleHandleW, LoadLibraryExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, WideCharToMultiByte, lstrlenA, MulDiv, WriteFile, ReadFile, MultiByteToWideChar, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW, lstrlenW
USER32.dll | GetAsyncKeyState, IsDlgButtonChecked, ScreenToClient, GetMessagePos, CallWindowProcW, IsWindowVisible, LoadBitmapW, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, GetWindowRect, AppendMenuW, CreatePopupMenu, GetSystemMetrics, EndDialog, EnableMenuItem, GetSystemMenu, SetClassLongW, IsWindowEnabled, SetWindowPos, DialogBoxParamW, CheckDlgButton, CreateWindowExW, SystemParametersInfoW, RegisterClassW, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharNextA, CharUpperW, CharPrevW, wvsprintfW, DispatchMessageW, PeekMessageW, wsprintfA, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, CharNextW, GetClassInfoW, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndPaint, FindWindowExW
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectW, SetBkMode, SetTextColor, SelectObject
SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW, SHGetSpecialFolderLocation
ADVAPI32.dll | RegEnumKeyW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumValueW
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                        Dec 9, 2024 01:06:06.222498894 CET1.1.1.1192.168.2.40xe5a1No error (0)downloads.joinmassive.com18.66.161.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:06:06.222498894 CET1.1.1.1192.168.2.40xe5a1No error (0)downloads.joinmassive.com18.66.161.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:06:06.222498894 CET1.1.1.1192.168.2.40xe5a1No error (0)downloads.joinmassive.com18.66.161.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:06:06.222498894 CET1.1.1.1192.168.2.40xe5a1No error (0)downloads.joinmassive.com18.66.161.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.541802883 CET1.1.1.1192.168.2.40xa0fdNo error (0)api.joinmassive.com18.165.220.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.541802883 CET1.1.1.1192.168.2.40xa0fdNo error (0)api.joinmassive.com18.165.220.87A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.541802883 CET1.1.1.1192.168.2.40xa0fdNo error (0)api.joinmassive.com18.165.220.75A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.541802883 CET1.1.1.1192.168.2.40xa0fdNo error (0)api.joinmassive.com18.165.220.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.552249908 CET1.1.1.1192.168.2.40xf49dNo error (0)downloads.joinmassive.com18.66.161.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.552249908 CET1.1.1.1192.168.2.40xf49dNo error (0)downloads.joinmassive.com18.66.161.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.552249908 CET1.1.1.1192.168.2.40xf49dNo error (0)downloads.joinmassive.com18.66.161.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 9, 2024 01:07:15.552249908 CET1.1.1.1192.168.2.40xf49dNo error (0)downloads.joinmassive.com18.66.161.113A (IP address)IN (0x0001)false

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 18.165.220.32 | 443 | 7420 | C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:15 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 478
Host: api.joinmassive.com
2024-12-09 00:03:15 UTC | 478 | OUT | Data Ascii: {"@timestamp":1733702593000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702593","version":"2.4.1"}, "data":{"version":"0.3.2", "downloadDate":"2022-
2024-12-09 00:03:16 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:03:15 GMT
X-Amzn-Trace-Id: Root=1-675633c3-00362a5a54b6e5d41b2253b4
x-amzn-RequestId: a98e2e21-96cd-45f3-a5b6-5292ce16d0d2
x-amz-apigw-id: Cf0GrEnEIAMEnjQ=
X-Cache: Miss from cloudfront
Via: 1.1 bf53ab602e7d8a88d55571ca0f838cbe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: HZnxJygnQlvjGgS2tJQRsA2vU4UHGA_wCT1-yMmYEveUX6Zv2i6XcQ==
2024-12-09 00:03:16 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 18.165.220.32 | 443 | 7420 | C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:19 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 258
Host: api.joinmassive.com
2024-12-09 00:03:19 UTC | 258 | OUT | Data Ascii: {"@timestamp":1733702657000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Success","name":"OptInAccepted","productId":"AdblockInstaller","sessionId":"9e146be91733702593","version":"2.4.1"}, "data":{"component":"Adblock", "isUpdate":fals
2024-12-09 00:03:20 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:03:19 GMT
X-Amzn-Trace-Id: Root=1-675633c7-07c9627f0e00412e23c6da2c
x-amzn-RequestId: faa9245a-95bc-4f4b-a11e-be2f9ceb8a93
x-amz-apigw-id: Cf0HSG89IAMEIaw=
X-Cache: Miss from cloudfront
Via: 1.1 487e773bc809cb87809f770954ce1e22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: 0-Vt6wMT5XKeXg0JJRjQlLd0lTU_49Ok-FAHNLXkPH8qRwwUQno_ug==
2024-12-09 00:03:20 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 18.165.220.32 | 443 | 7420 | C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:21 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 261
Host: api.joinmassive.com
2024-12-09 00:03:21 UTC | 261 | OUT | Data Ascii: {"@timestamp":1733702659000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Success","name":"OptInAccepted","productId":"AdblockInstaller","sessionId":"9e146be91733702593","version":"2.4.1"}, "data":{"component":"MassiveSDK", "isUpdate":f
2024-12-09 00:03:22 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:03:22 GMT
X-Amzn-Trace-Id: Root=1-675633ca-6253fe3b7c65b3bb69ac7a66
x-amzn-RequestId: c426abb7-bb62-410e-9425-03c590630b28
x-amz-apigw-id: Cf0HpF0poAMEDqQ=
X-Cache: Miss from cloudfront
Via: 1.1 a74cbe062c9465931012948f56ea9e24.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: y4ntrBj90s0T1SkJz3cTdDzUUH2hmVub05pmW6qe5Gbt2FzpJX_0hw==
2024-12-09 00:03:22 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 18.165.220.32 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:28 UTC | 206 | OUT | GET /apps/config?productId=adblockfast&distId=marketator&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06 HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
2024-12-09 00:03:29 UTC | 529 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 432
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:29 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633d1-601268765ac02b9d004e44d8;Parent=40746af33b8d1080;Sampled=0;Lineage=1:117a9352:0
                                                                                                                                                                                                                                        x-amzn-RequestId: 638d7138-33b7-4b5a-b5af-8c9a61470fa3
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0IwFI2oAMEc6w=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 1cfee74ca8783b126318bfb563367846.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: Rjfiz_ACRi7xpXHUA-hP9lpRrzCCDBZ-ZIh1jXk9R7OoRda-wOFngw==
2024-12-09 00:03:29 UTC | 432 | IN |
                                                                                                                                                                                                                                        Data Ascii: {"config":{"update":{"appCastUrl":"https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml"},"massiveSdkKey":"4c6fdfc9-de78-4899-8dc6-365b9c5db799","extra":{"blocklistUrl":"https://downloads.joinmassive.com/adblockfast/prod/ips.txt","


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 18.165.220.32 | 443 | 7420 | C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:28 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: InnoSetup
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 287
                                                                                                                                                                                                                                        Host: api.joinmassive.com
2024-12-09 00:03:28 UTC | 287 | OUT |
                                                                                                                                                                                                                                        Data Ascii: {"@timestamp":1733702786000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerComplete","productId":"AdblockInstaller","sessionId":"9e146be91733702593","version":"2.4.1"}, "data":{"isUpdate":false, "source":"UA-135690
2024-12-09 00:03:29 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:29 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633d1-7b56e4fe7c31af4c135dca2f
                                                                                                                                                                                                                                        x-amzn-RequestId: adff3df8-f184-443c-a190-9d7b3bd5825b
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0IxEeeIAMEmsw=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 a74cbe062c9465931012948f56ea9e24.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 9qw4KncBt6a4nxCDnxd68zfHIuWPid0_G2_66P3ubrBuiQztOrNHbQ==
2024-12-09 00:03:29 UTC | 20 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                                        Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49747 | 18.165.220.32 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:31 UTC | 312 | OUT | GET /dist/match?productId=adblockfast&distId=marketator&downloadDate=2022-12-17T04%3A04%3A11&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06&installerSessionId=9e146be91733702593&pid=741&installType=installPath HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
2024-12-09 00:03:32 UTC | 529 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 464
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:31 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633d3-4b9b4796583f5e5908143ac0;Parent=5489868d4bf59199;Sampled=0;Lineage=1:809b6935:0
                                                                                                                                                                                                                                        x-amzn-RequestId: 39b1671f-1ff9-4d76-a17c-0e3c5a79e712
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0JLF53oAMEeoQ=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 fb6afc857f0eaed863f06738b3882546.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: FjDk6RTFS-9kokQ9LVWCbbYTzQud6zWzTAZmTziT1CS0mKS7ng7aUQ==
2024-12-09 00:03:32 UTC | 464 | IN |
                                                                                                                                                                                                                                        Data Ascii: {"subDistId":"","productId":"adblockfast","distId":"marketator","installType":"installPath","clickDate":0,"installDate":0,"installerSessionId":"","params":{"publisherId":"741","campaignId":"","cdnUrl":"https://downloads.adblockfast.com/939/AdblockInstalle


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49754 | 18.66.161.113 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:34 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:03:34 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 05275a1a5434f15a35e2fc92c846659a.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: JVeIUyy-tkamHYIUmrA0rSOG8EefQtye8gEHFXeYgHL2595VuyogRw==
                                                                                                                                                                                                                                        Age: 3708
2024-12-09 00:03:34 UTC | 1047 | IN |
                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49753 | 18.66.161.113 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:34 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:03:34 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 4b9c4f1584ced8efb82794c07e3d29f2.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: HSCJSXXjOFzop6jlHuG3psQl_MYLjj6ruFEW7AfIyHB9vMs0F7c_kw==
                                                                                                                                                                                                                                        Age: 3708
                                                                                                                                                                                                                                        2024-12-09 00:03:34 UTC1047INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 49 53 4f 2d 38 38 35 39 2d 31 22 3f 3e 0d 0a 3c 72 73 73 20 78 6d 6c 6e 73 3a 73 70 61 72 6b 6c 65 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 64 79 6d 61 74 75 73 63 68 61 6b 2e 6f 72 67 2f 78 6d 6c 2d 6e 61 6d 65 73 70 61 63 65 73 2f 73 70 61 72 6b 6c 65 22 20 76 65 72 73 69 6f 6e 3d 22 32 2e 30 22 3e 0d 0a 20 20 20 20 3c 63 68 61 6e 6e 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 41 64 62 6c 6f 63 6b 20 46 61 73 74 20 66 6f 72 20 57 69 6e 64 6f 77 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 3e 68 74 74 70 73 3a 2f 2f 64 6f 77 6e 6c 6f 61 64 73 2e 6a 6f 69 6e 6d 61 73 73 69 76 65 2e 63 6f 6d 2f 61 64 62 6c 6f 63 6b 66 61
                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49757 | 18.165.220.32 | 443 | 4928 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:35 UTC | 206 | OUT | GET /apps/config?productId=adblockfast&distId=marketator&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06 HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
2024-12-09 00:03:36 UTC | 529 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 432
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:36 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633d8-1c02af323e2647b32c6d6a4b;Parent=7fe5ca445d583ec5;Sampled=0;Lineage=1:117a9352:0
                                                                                                                                                                                                                                        x-amzn-RequestId: 5eaaf1dd-c6b4-4471-8962-992561488f6b
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0J0EXiIAMEBGw=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 ef83ebd0ff32ef4b30f3116e6c14b040.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 0CNqSDAWVrgI8X5G3bv7Kb9EhGXM7epCUEsmjKhS-LhU9cry7TU9Cg==
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC432INData Raw: 7b 22 63 6f 6e 66 69 67 22 3a 7b 22 75 70 64 61 74 65 22 3a 7b 22 61 70 70 43 61 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 77 6e 6c 6f 61 64 73 2e 6a 6f 69 6e 6d 61 73 73 69 76 65 2e 63 6f 6d 2f 61 64 62 6c 6f 63 6b 66 61 73 74 2f 6d 61 72 6b 65 74 61 74 6f 72 2f 77 69 6e 64 6f 77 73 2f 61 70 70 63 61 73 74 2e 78 6d 6c 22 7d 2c 22 6d 61 73 73 69 76 65 53 64 6b 4b 65 79 22 3a 22 34 63 36 66 64 66 63 39 2d 64 65 37 38 2d 34 38 39 39 2d 38 64 63 36 2d 33 36 35 62 39 63 35 64 62 37 39 39 22 2c 22 65 78 74 72 61 22 3a 7b 22 62 6c 6f 63 6b 6c 69 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 77 6e 6c 6f 61 64 73 2e 6a 6f 69 6e 6d 61 73 73 69 76 65 2e 63 6f 6d 2f 61 64 62 6c 6f 63 6b 66 61 73 74 2f 70 72 6f 64 2f 69 70 73 2e 74 78 74 22 2c 22
                                                                                                                                                                                                                                        Data Ascii: {"config":{"update":{"appCastUrl":"https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml"},"massiveSdkKey":"4c6fdfc9-de78-4899-8dc6-365b9c5db799","extra":{"blocklistUrl":"https://downloads.joinmassive.com/adblockfast/prod/ips.txt","


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49763 | 18.165.220.32 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:36 UTC | 256 | OUT | POST /telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 297
                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC297OUTData Raw: 7b 22 40 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 37 30 38 38 35 31 30 39 34 2c 22 64 61 74 61 22 3a 7b 22 64 69 73 74 49 64 22 3a 22 6d 61 72 6b 65 74 61 74 6f 72 22 2c 22 70 6f 73 74 62 61 63 6b 49 64 22 3a 22 33 38 30 39 35 39 65 61 2d 37 33 31 32 2d 34 34 39 32 2d 39 38 38 31 2d 35 34 30 65 38 30 30 33 35 65 30 66 22 2c 22 70 75 62 6c 69 73 68 65 72 49 64 22 3a 22 37 34 31 22 7d 2c 22 69 6e 66 6f 22 3a 7b 22 61 6e 6f 6e 49 64 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 6e 61 6d 65 22 3a 22 41 63 74 69 76 69 74 79 50 69 6e 67 22 2c 22 70 72 6f 64 75 63 74 49 64 22 3a 22 61 64 62 6c 6f 63 6b 66 61 73 74 22 2c 22 73 65 73 73 69 6f 6e 49 64 22 3a 22 39 65 31 34 31 37 33
                                                                                                                                                                                                                                        Data Ascii: {"@timestamp":1733708851094,"data":{"distId":"marketator","postbackId":"380959ea-7312-4492-9881-540e80035e0f","publisherId":"741"},"info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","name":"ActivityPing","productId":"adblockfast","sessionId":"9e14173
2024-12-09 00:03:37 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 16
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:36 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633d8-7f9b401a0a95459c2ab2a7a5
                                                                                                                                                                                                                                        x-amzn-RequestId: 71b802bd-5276-40cc-aaf5-88128b1d8567
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0J7FQboAMEl2g=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 b93a2a063e3f94fe345bc08072aed022.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: zBOUb-ohUxamsIG8SD19Yt4ZlInuHqgu8eJNw4rWgNpD25h07-XMPA==
                                                                                                                                                                                                                                        2024-12-09 00:03:37 UTC16INData Raw: 7b 22 69 6e 74 65 72 76 61 6c 22 3a 36 30 30 7d
                                                                                                                                                                                                                                        Data Ascii: {"interval":600}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49764 | 172.67.74.54 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:36 UTC | 152 | OUT | GET /939/AdblockInstaller.exe HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.adblockfast.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:03:36 UTC | 945 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:36 GMT
                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                        Content-Length: 14500368
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        ETag: "ef6450ab524057924408dbe29991e99e"
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:14:57 GMT
                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                        Cache-Control: max-age=14400
                                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                                        Age: 5330
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SKauWfkxp%2B3bsIawLBF7Arld4vEAe%2FvSURPii%2BcSsDNQFch%2BeY08j4sVpFhf7ZuwwIp0Ey1zZxEMHN1JzX9PuFZifzLwT77MemmbRwyG2K6sgHtzFG7Mh2UGi%2BW7u1bl61Zwy0%2FCgA4Q%2B34%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bbaa09e77d02-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1834&min_rtt=1830&rtt_var=695&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=790&delivery_rate=1563169&cwnd=230&unsent_bytes=0&cid=740e858537cb3ef6&ts=450&x=0"
                                                                                                                                                                                                                                        Data Ascii: @AData$#@HPPGENAttribute"@ @SystemT#@PMonitorT$@h#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThreadd#@Next@Thread@WaitEvent#@TMonitor.TSpinLock
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC1369INData Raw: 00 00 00 00 08 00 01 08 d8 28 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec c5 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 d8 28 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 c6 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 88 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 dc 28 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 f4 27 40 00 88 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 0f 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 c5 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 38 29 40 00 14 0c 50 53 68 6f 72 74 53 74 72 69 6e 67 e4 11 40 00 02 00 50 29 40 00 0a 0a 55 54 46 38 53 74 72 69 6e 67 e9 fd 02 00 64 29 40 00
                                                                                                                                                                                                                                        Data Ascii: (@Self1@BeforeDestruction(@Self+@NewInstance@Self(@TInterfacedObject'@@System)@@@RefCount8)@PShortString@P)@UTF8Stringd)@
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC1369INData Raw: 52 65 63 6f 72 64 02 00 00 00 00 00 04 00 00 00 02 06 56 4c 6f 6e 67 73 02 00 00 00 00 00 02 00 00 00 02 06 56 57 6f 72 64 73 02 00 00 00 00 00 02 00 00 00 02 06 56 42 79 74 65 73 02 00 00 00 00 00 00 00 00 00 02 07 52 61 77 44 61 74 61 02 00 02 00 00 00 00 18 2e 40 00 03 09 54 54 79 70 65 4b 69 6e 64 01 00 00 00 00 16 00 00 00 14 2e 40 00 09 74 6b 55 6e 6b 6e 6f 77 6e 09 74 6b 49 6e 74 65 67 65 72 06 74 6b 43 68 61 72 0d 74 6b 45 6e 75 6d 65 72 61 74 69 6f 6e 07 74 6b 46 6c 6f 61 74 08 74 6b 53 74 72 69 6e 67 05 74 6b 53 65 74 07 74 6b 43 6c 61 73 73 08 74 6b 4d 65 74 68 6f 64 07 74 6b 57 43 68 61 72 09 74 6b 4c 53 74 72 69 6e 67 09 74 6b 57 53 74 72 69 6e 67 09 74 6b 56 61 72 69 61 6e 74 07 74 6b 41 72 72 61 79 08 74 6b 52 65 63 6f 72 64 0b 74 6b 49 6e
                                                                                                                                                                                                                                        Data Ascii: RecordVLongsVWordsVBytesRawData.@TTypeKind.@tkUnknowntkIntegertkChartkEnumerationtkFloattkStringtkSettkClasstkMethodtkWChartkLStringtkWStringtkVarianttkArraytkRecordtkIn
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC1369INData Raw: 00 02 00 00 00 20 33 40 00 14 0d 50 52 65 73 53 74 72 69 6e 67 52 65 63 38 33 40 00 02 00 00 00 00 3c 33 40 00 0e 0d 54 52 65 73 53 74 72 69 6e 67 52 65 63 08 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 06 4d 6f 64 75 6c 65 02 00 70 11 40 00 04 00 00 00 02 0a 49 64 65 6e 74 69 66 69 65 72 02 00 02 00 00 00 88 33 40 00 03 0d 54 46 6c 6f 61 74 53 70 65 63 69 61 6c 01 00 00 00 00 08 00 00 00 84 33 40 00 06 66 73 5a 65 72 6f 07 66 73 4e 5a 65 72 6f 0a 66 73 44 65 6e 6f 72 6d 61 6c 0b 66 73 4e 44 65 6e 6f 72 6d 61 6c 0a 66 73 50 6f 73 69 74 69 76 65 0a 66 73 4e 65 67 61 74 69 76 65 05 66 73 49 6e 66 06 66 73 4e 49 6e 66 05 66 73 4e 61 4e 06 53 79 73 74 65 6d 02 00 00 34 40 00 0e 0e 54 45 78 74 65 6e 64 65 64 38 30 52 65 63 0a 00 00 00 00 00
                                                                                                                                                                                                                                        Data Ascii: 3@PResStringRec83@<3@TResStringRecModulep@Identifier3@TFloatSpecial3@fsZerofsNZerofsDenormalfsNDenormalfsPositivefsNegativefsInffsNInffsNaNSystem4@TExtended80Rec
                                                                                                                                                                                                                                        2024-12-09 00:03:36 UTC1369INData Raw: 20 6c 65 61 6b 20 68 61 73 20 6f 63 63 75 72 72 65 64 2e 20 00 00 00 00 54 68 65 20 75 6e 65 78 70 65 63 74 65 64 20 73 6d 61 6c 6c 20 62 6c 6f 63 6b 20 6c 65 61 6b 73 20 61 72 65 3a 0d 0a 00 54 68 65 20 73 69 7a 65 73 20 6f 66 20 75 6e 65 78 70 65 63 74 65 64 20 6c 65 61 6b 65 64 20 6d 65 64 69 75 6d 20 61 6e 64 20 6c 61 72 67 65 20 62 6c 6f 63 6b 73 20 61 72 65 3a 20 00 00 00 00 20 62 79 74 65 73 3a 20 00 00 00 00 55 6e 6b 6e 6f 77 6e 00 41 6e 73 69 53 74 72 69 6e 67 00 00 55 6e 69 63 6f 64 65 53 74 72 69 6e 67 00 00 00 0d 0a 00 00 55 6e 65 78 70 65 63 74 65 64 20 4d 65 6d 6f 72 79 20 4c 65 61 6b 00 00 8b 08 89 0a 8b 48 04 8b 40 08 89 4a 04 89 42 08 c3 8d 40 00 8b 08 89 0a 8b 48 04 89 4a 04 8b 48 08 89 4a 08 8b 48 0c 8b 40 10 89 4a 0c 89 42 10 c3 8d 40
                                                                                                                                                                                                                                        Data Ascii: leak has occurred. The unexpected small block leaks are:The sizes of unexpected leaked medium and large blocks are: bytes: UnknownAnsiStringUnicodeStringUnexpected Memory LeakH@JB@HJHJH@JB@


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
11          192.168.2.4  49767        18.165.220.32   443               4928  C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-09 00:03:37 UTC  194  OUT  POST /telemetry?source=app&env=prod HTTP/1.1
Host: api.joinmassive.com
Accept: */*
Content-Type: application/json
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 248
2024-12-09 00:03:37 UTC  248  OUT  Data Ascii: {"@timestamp":1733708852748,"data":{"reason":"Attempt to start 2nd instance"},"info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","name":"MultiInstance","productId":"adblockfast","sessionId":"9e141733708852","type":"Warning","version":"0.3.2"}}
2024-12-09 00:03:38 UTC  473  IN  HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:03:38 GMT
X-Amzn-Trace-Id: Root=1-675633da-2a919dbb76ce1e6d6e58674b
x-amzn-RequestId: bbb10b92-538c-4144-be47-d7b8738b25a9
x-amz-apigw-id: Cf0KMGgvoAMEoZg=
X-Cache: Miss from cloudfront
Via: 1.1 c1ca71e6238e57e7b87d021fa60aad98.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: M95wotlcKhfCCx7Amz6p4Sfds0E2WwmREKKEii4EvChTE_01yYJx0w==
2024-12-09 00:03:38 UTC  20  IN  Data Ascii: {"status":"Success"}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
12          192.168.2.4  49773        18.165.220.32   443               7932  C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-09 00:03:38 UTC  175  OUT  GET /postback/adblockfast/default?downloadDate=2022-12-17T04%3A04%3A11&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06&pid=741 HTTP/1.1
Host: api.joinmassive.com
Accept: */*
2024-12-09 00:03:39 UTC  477  IN  HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 42
Connection: close
Date: Mon, 09 Dec 2024 00:03:39 GMT
x-amz-apigw-id: Cf0KWEa0oAMECrw=
x-amzn-RequestId: 51769d78-619d-444a-9346-0f4ce6434610
x-amzn-ErrorType: MissingAuthenticationTokenException
X-Cache: Error from cloudfront
Via: 1.1 680370d83a2dca8172426cfc0e48cf92.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: OSVgxxv4zR3bK7OWeJMnZabplk5nJWu2cRDsydGPLY-3D-85p9Ulkg==
2024-12-09 00:03:39 UTC  42  IN  Data Ascii: {"message":"Missing Authentication Token"}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
13          192.168.2.4  49774        18.165.220.32   443               7932  C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp  Bytes transferred  Direction  Data
2024-12-09 00:03:38 UTC  179  OUT  GET /sdk/config?stage=prod&uid=4c6fdfc9-de78-4899-8dc6-365b9c5db799 HTTP/1.1
x-api-key: 5oydibnqoD6t310DYGMUh7y4e2WWpHvvapKEL4pF
Connection: Close
Host: api.joinmassive.com
2024-12-09 00:03:39 UTC  530  IN  HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 1265
Connection: close
Date: Mon, 09 Dec 2024 00:03:39 GMT
X-Amzn-Trace-Id: Root=1-675633db-0761b58f3c38daa535f1d7d9;Parent=55f10a9d7e9c0a10;Sampled=0;Lineage=1:6267decb:0
x-amzn-RequestId: 7c9a463e-953b-4b2b-a18c-651545ee578b
x-amz-apigw-id: Cf0KUHfJIAMEYaw=
X-Cache: Miss from cloudfront
Via: 1.1 1b300ac0fc08f49360b62bb3f1350070.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: hnWPTAkn-gsDgO43P-P1JESnQ5oMQ_iN8BuPJIXHyjENIHVQMHFu4g==
2024-12-09 00:03:39 UTC  1265  IN  Data Ascii: {"statusCode":200,"body":{"analytics":{"trackingID":"UA-135690027-41"},"throttling":{"NW":{"maxParallelConnections":500,"resetInterval":60,"maxConnections":500}},"distId":"marketator","productId":"adblockfast","workersConfig":{"6d255703-9a12-480b-8d6c-168


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        14192.168.2.44977918.165.220.324437932C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-09 00:03:41 UTC194OUTPOST /telemetry?source=app&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 488
                                                                                                                                                                                                                                        2024-12-09 00:03:41 UTC488OUTData Raw: 7b 22 40 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 37 30 38 38 35 36 31 30 32 2c 22 64 61 74 61 22 3a 7b 22 64 69 73 74 49 64 22 3a 22 6d 61 72 6b 65 74 61 74 6f 72 22 2c 22 64 6f 77 6e 6c 6f 61 64 44 61 74 65 22 3a 22 32 30 32 32 2d 31 32 2d 31 37 54 30 34 3a 30 34 3a 31 31 22 2c 22 69 6e 73 74 61 6c 6c 44 61 74 65 22 3a 22 32 30 32 34 2d 31 32 2d 30 39 54 30 30 3a 30 33 3a 32 32 22 2c 22 69 6e 73 74 61 6c 6c 65 72 53 65 73 73 69 6f 6e 49 64 22 3a 22 39 65 31 34 36 62 65 39 31 37 33 33 37 30 32 35 39 33 22 2c 22 6d 61 74 63 68 65 64 50 61 72 61 6d 73 22 3a 7b 22 70 6f 73 74 62 61 63 6b 49 64 22 3a 22 33 38 30 39 35 39 65 61 2d 37 33 31 32 2d 34 34 39 32 2d 39 38 38 31 2d 35 34 30 65 38 30 30 33 35 65 30 66 22 2c 22 70 75 62 6c 69 73 68 65 72 49 64 22
                                                                                                                                                                                                                                        Data Ascii: {"@timestamp":1733708856102,"data":{"distId":"marketator","downloadDate":"2022-12-17T04:04:11","installDate":"2024-12-09T00:03:22","installerSessionId":"9e146be91733702593","matchedParams":{"postbackId":"380959ea-7312-4492-9881-540e80035e0f","publisherId"
2024-12-09 00:03:42 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:41 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633dd-42b7ccc7383a8fd26f7f4512
                                                                                                                                                                                                                                        x-amzn-RequestId: 0c4c8115-c26d-4221-bdc0-ea09d3470259
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0KtEDxoAMEM1g=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 5008327c23740ce2f9d9ed54c8a489e8.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: mRc8oPFVbq86xUt7lv0lm_iNl-4hvW_aWrfQpp9FXtq3zmd-OAv-Pw==
2024-12-09 00:03:42 UTC | 20 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                                        Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49782 | 104.26.2.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:43 UTC | 86 | OUT | GET /adblockfast/domains/list.txt HTTP/1.1
                                                                                                                                                                                                                                        Host: cdn.computewall.com
                                                                                                                                                                                                                                        Accept: */*
2024-12-09 00:03:43 UTC | 1027 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:43 GMT
                                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                                        Content-Length: 76
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        x-amz-id-2: QYSHEf0Duzph8mQauWdLOFfXYw7u26/gjwsVm3N6AjOG3cDCTfzWCcQA0NeJrVcNbY8J74JGiP9ktZkrkAYLrw==
                                                                                                                                                                                                                                        x-amz-request-id: 5FS2SGVMRXZ3V1SV
                                                                                                                                                                                                                                        Last-Modified: Mon, 01 Aug 2022 16:14:05 GMT
                                                                                                                                                                                                                                        ETag: "3f60b50c97e66eed151664abdcf311b2"
                                                                                                                                                                                                                                        Cache-Control: max-age=86400
                                                                                                                                                                                                                                        CF-Cache-Status: REVALIDATED
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HCq%2FstHqCLNrHQHxQbHM%2Ft0lGu7jPPk1y3lVknmL96AAi8Gx7fRxc63ltw7uz7wFcjRk5KIY9rCYLeORBL3onEZVXkOezH%2F7SjkaI1y%2FbyW%2FcCjDt6MtoWgMIIFA6Hr%2FxesqBQE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bbd4aeba42a0-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1727&min_rtt=1720&rtt_var=660&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=724&delivery_rate=1638608&cwnd=222&unsent_bytes=0&cid=9e30f294c2b284be&ts=511&x=0"
2024-12-09 00:03:43 UTC | 76 | IN | Data Raw: 61 64 67 75 61 72 64 5f 66 69 6c 74 65 72 65 64 2e 63 6f 6e 66 0a 61 64 73 65 72 76 65 72 73 2e 63 6f 6e 66 0a 66 61 63 65 62 6f 6f 6b 2e 63 6f 6e 66 0a 64 6f 6d 61 69 6e 73 2e 63 6f 6e 66 0a 63 75 73 74 6f 6d 2e 63 6f 6e 66 0a
                                                                                                                                                                                                                                        Data Ascii: adguard_filtered.confadservers.conffacebook.confdomains.confcustom.conf


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49787 | 34.160.111.145 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:44 UTC | 58 | OUT | GET /raw HTTP/1.1
                                                                                                                                                                                                                                        Host: myexternalip.com
                                                                                                                                                                                                                                        Accept: */*
2024-12-09 00:03:45 UTC | 242 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        date: Mon, 09 Dec 2024 00:03:44 GMT
                                                                                                                                                                                                                                        content-type: text/plain; charset=utf-8
                                                                                                                                                                                                                                        Content-Length: 12
                                                                                                                                                                                                                                        access-control-allow-origin: *
                                                                                                                                                                                                                                        via: 1.1 google
                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                        Connection: close
2024-12-09 00:03:45 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 32 32 38
                                                                                                                                                                                                                                        Data Ascii: 8.46.123.228


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49788 | 104.26.2.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:45 UTC | 99 | OUT | GET /adblockfast/domains/adguard_filtered.conf HTTP/1.1
                                                                                                                                                                                                                                        Host: cdn.computewall.com
                                                                                                                                                                                                                                        Accept: */*
2024-12-09 00:03:45 UTC | 1035 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:45 GMT
                                                                                                                                                                                                                                        Content-Type: binary/octet-stream
                                                                                                                                                                                                                                        Content-Length: 571562
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        x-amz-id-2: TbA19nebk6EsSsHS2EM8LdNFoSN79n3RhsOHGTibOgMtletHtWKt3kgH1Kb1fRpUcGbWxqQW7VO9alQ9qxkqXw==
                                                                                                                                                                                                                                        x-amz-request-id: 7XSRAX9ZK9RQ1ZJE
                                                                                                                                                                                                                                        Last-Modified: Fri, 29 Jul 2022 11:31:59 GMT
                                                                                                                                                                                                                                        ETag: "78287037c2d4bc3707127a8fefcc2ff9"
                                                                                                                                                                                                                                        Cache-Control: max-age=86400
                                                                                                                                                                                                                                        CF-Cache-Status: MISS
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cs%2Bpz%2Fgd%2BpJnyjbpkmQMxlXHSdOgHXcwchHD25Zj5Tkm7Q82M0%2BPvpixnqegPgDD%2BBbbJ00NPT72VopsFVSg09hj5NGA77xn8OOewc4kNb%2BlBPq98PWwGeUDF%2FSYM3fBYfITJHs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bbe04ade43be-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1606&rtt_var=611&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2836&recv_bytes=737&delivery_rate=1776155&cwnd=223&unsent_bytes=0&cid=f0e41cb8e4eac89a&ts=520&x=0"
                                                                                                                                                                                                                                        Data Ascii: neak.comvideobaba.xyzjavoyynu.xyzgrowadvertising.combelievegrandpa.compeekcogentpope.compbprof.comadmost-banner.b-cdn.netclaring-loccelkin.commutilatecoast.comgigacpmserv.com300daytravel.comcreative.leojmp.comnettierbrakier.com
                                                                                                                                                                                                                                        2024-12-09 00:03:45 UTC1369INData Raw: 76 63 64 6e 62 2e 63 6f 6d 0d 0a 72 6f 6e 74 65 6e 74 2e 70 6f 77 76 69 62 65 6f 2e 63 63 0d 0a 72 65 76 6f 6c 74 70 72 6f 68 69 62 69 74 2e 63 6f 6d 0d 0a 63 64 6e 2e 61 6c 6c 73 70 6f 72 74 73 66 6c 69 78 2e 62 65 73 74 0d 0a 65 72 75 63 72 69 70 70 6c 65 64 2e 63 6f 6d 0d 0a 66 61 77 68 6f 73 69 74 68 6f 2e 63 6f 6d 0d 0a 77 61 62 65 6b 69 63 65 2e 63 6f 6d 0d 0a 63 6f 70 70 65 72 70 6f 6c 79 67 72 61 70 68 66 6f 72 74 68 77 69 74 68 2e 63 6f 6d 0d 0a 75 72 6c 68 61 75 73 61 2e 63 6f 6d 0d 0a 6c 6f 73 69 6e 67 66 6f 75 6e 64 61 74 69 6f 6e 2e 63 6f 6d 0d 0a 63 61 6c 61 6d 69 74 79 66 6f 72 74 75 6e 65 61 75 64 69 6f 2e 63 6f 6d 0d 0a 61 63 63 6f 6d 70 61 6e 69 6d 65 6e 74 63 6f 75 6c 64 73 75 72 70 72 69 73 69 6e 67 6c 79 2e 63 6f 6d 0d 0a 69 6e 65 64
                                                                                                                                                                                                                                        Data Ascii: vcdnb.comrontent.powvibeo.ccrevoltprohibit.comcdn.allsportsflix.besterucrippled.comfawhositho.comwabekice.comcopperpolygraphforthwith.comurlhausa.comlosingfoundation.comcalamityfortuneaudio.comaccompanimentcouldsurprisingly.comined


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49791 | 18.165.220.32 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:47 UTC | 58 | OUT | GET / HTTP/1.1
Host: api.joinmassive.com
Accept: */*
2024-12-09 00:03:48 UTC | 477 | IN | HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 42
Connection: close
Date: Mon, 09 Dec 2024 00:03:47 GMT
x-amz-apigw-id: Cf0LpFy-oAMEcIA=
x-amzn-RequestId: 3875eaf7-6ea3-487a-b4b8-262a96d23fa2
x-amzn-ErrorType: MissingAuthenticationTokenException
X-Cache: Error from cloudfront
Via: 1.1 5008327c23740ce2f9d9ed54c8a489e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: b07_VFL-OncXXBmw8AQOlW4AiJkHzmSrWeG5pUMV0IV7s2IXMKa0VQ==
2024-12-09 00:03:48 UTC | 42 | IN | Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 4d 69 73 73 69 6e 67 20 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 20 54 6f 6b 65 6e 22 7d
Data Ascii: {"message":"Missing Authentication Token"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49794 | 104.26.3.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:48 UTC | 92 | OUT | GET /adblockfast/domains/adservers.conf HTTP/1.1
Host: cdn.computewall.com
Accept: */*
2024-12-09 00:03:48 UTC | 1018 | IN | HTTP/1.1 200 OK
Date: Mon, 09 Dec 2024 00:03:48 GMT
Content-Type: binary/octet-stream
Content-Length: 1014025
Connection: close
x-amz-id-2: mWsjQif9KQ4ytejmunZhhPE/AhYYFoHh3mgWw/OjzO+OhEVZAuKvxLlyRrqbaZX5YkksJnJeAvI=
x-amz-request-id: QY820AMNMAV21A1V
Last-Modified: Fri, 29 Jul 2022 11:31:59 GMT
ETag: "3c733ef4c8006237edd1a3bc29a5ddec"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rg8iD1Bk9%2F9PegcYP95skmBGmvLI70mey%2Fzm4cSbmy2ZP4xchu9Pp1ATaDt4ZTbLvQBS4lSov5%2FL1ljE7kaDoNJ9LCw7NAjShd2OxtPZDBDE7WpIMH87hT%2FEFrUlAepJxzzagY4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ef0bbf4dcfb4327-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=2027&min_rtt=2005&rtt_var=797&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=730&delivery_rate=1335773&cwnd=245&unsent_bytes=0&cid=e656c8735d09b872&ts=533&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49797 | 18.165.220.32 | 443 | 8084 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:50 UTC | 206 | OUT | GET /apps/config?productId=adblockfast&distId=marketator&anonId=9e146be9-c76a-4720-bcdb-53011b87bd06 HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
2024-12-09 00:03:51 UTC | 529 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 432
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:50 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633e6-1b36f5075084da173070bab5;Parent=15b76cb584a9deed;Sampled=0;Lineage=1:117a9352:0
                                                                                                                                                                                                                                        x-amzn-RequestId: 9057387c-9fa6-4b46-a0d6-d9d14c1d0b46
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0MJEs_IAMEqBw=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 95b5fb95856bf27af281fa1597f7ec54.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: tPde9t3PH6LgH0-s_E8Gi1WpVTQ6qcLe5l6QLznLbfp9BlRzGr_3TQ==
2024-12-09 00:03:51 UTC | 432 | IN | Data Ascii: {"config":{"update":{"appCastUrl":"https://downloads.joinmassive.com/adblockfast/marketator/windows/appcast.xml"},"massiveSdkKey":"4c6fdfc9-de78-4899-8dc6-365b9c5db799","extra":{"blocklistUrl":"https://downloads.joinmassive.com/adblockfast/prod/ips.txt","


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49803 | 104.26.3.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:52 UTC | 91 | OUT | GET /adblockfast/domains/facebook.conf HTTP/1.1
                                                                                                                                                                                                                                        Host: cdn.computewall.com
                                                                                                                                                                                                                                        Accept: */*
2024-12-09 00:03:53 UTC | 1039 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:52 GMT
                                                                                                                                                                                                                                        Content-Type: binary/octet-stream
                                                                                                                                                                                                                                        Content-Length: 130921
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        x-amz-id-2: g8+WEUyr7s9fv39L2qT+U6/qgEshMDoCpb9aIsUvBk+Qog4sCUtlNLAj/DQcf/Vt/btkxAwJ8zazqfCftHqJoyBWcbaIwQki
                                                                                                                                                                                                                                        x-amz-request-id: 95APZXQCYE16VXDA
                                                                                                                                                                                                                                        Last-Modified: Fri, 29 Jul 2022 11:31:59 GMT
                                                                                                                                                                                                                                        ETag: "ba1435f50eb74c8a1ad64a75eb9d478b"
                                                                                                                                                                                                                                        Cache-Control: max-age=86400
                                                                                                                                                                                                                                        CF-Cache-Status: MISS
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9VTpwjh2nHf%2BM0KgZXSu8iN7poCW1MhIJpCziEu92wpVf5Hg3gRjs65NIza0L6l4z4ZmyWc%2BcZsf%2BAdizurbPS8WqaagTZ2DjA2EZiSuaR4hxogjIirxkM%2B%2FQd8tLkQbIqSaSg0%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bc0efdf4334e-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1989&min_rtt=1985&rtt_var=752&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=729&delivery_rate=1446977&cwnd=173&unsent_bytes=0&cid=e217e0dee8f7af4b&ts=520&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49800 | 18.165.220.32 | 443 | 8084 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:52 UTC | 194 | OUT | POST /telemetry?source=app&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Host: api.joinmassive.com
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 248
2024-12-09 00:03:52 UTC | 248 | OUT | Data Ascii: {"@timestamp":1733708867622,"data":{"reason":"Attempt to start 2nd instance"},"info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","name":"MultiInstance","productId":"adblockfast","sessionId":"9e141733708867","type":"Warning","version":"0.3.2"}}
                                                                                                                                                                                                                                        2024-12-09 00:03:53 UTC473INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:03:53 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-675633e9-365c3a6a283adc7b0c48bea7
                                                                                                                                                                                                                                        x-amzn-RequestId: 3a95c2e8-758a-4426-9bc0-ff6d6e178f42
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0MgFbdIAMEdmA=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 5c23ab9748dfedff76d0f834e4ad56b0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 7cp1iI0gMchkUVDBvpaMM2ni-KC-IOBs-mUDo7-2AvGTNEGgINlvCg==
                                                                                                                                                                                                                                        2024-12-09 00:03:53 UTC20INData Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                                        Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49806 | 104.26.3.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:54 UTC | 90 | OUT | GET /adblockfast/domains/domains.conf HTTP/1.1
Host: cdn.computewall.com
Accept: */*
2024-12-09 00:03:55 UTC | 1029 | IN | HTTP/1.1 200 OK
Date: Mon, 09 Dec 2024 00:03:55 GMT
Content-Type: binary/octet-stream
Content-Length: 513307
Connection: close
x-amz-id-2: Nz0RpLWXXMK0/o5BGSsHG5vrN8S0V7ZAr4YVBp2NnWCoXqTvqC5idxe9bT6XyHmyVjhG1wyb1DNCPhTtDilGFQ==
x-amz-request-id: RH2SPNPAPGCSB5H3
Last-Modified: Fri, 29 Jul 2022 11:31:59 GMT
ETag: "e9210f31a85af4e3f7883f2790ea8616"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3hg%2Fibmeu3SU63STWlRxe%2F4ATi9pkfXnbWTvJ6nhZjJpAisfE78R8MOLgOMxVuFRHpvJjOFPwBkA6Qa%2FphGQwmysP7GxAWglz%2FiiaTUJvjRLyTWQaIfihfjanxavLRvlxwj7qho%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ef0bc1db945426a-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1649&min_rtt=1607&rtt_var=632&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=728&delivery_rate=1817050&cwnd=223&unsent_bytes=0&cid=303b2711254935f7&ts=545&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49807 | 34.120.195.249 | 443 | 8084 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:55 UTC | 317 | OUT | POST /api/5420194/envelope/ HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-sentry-envelope
User-Agent: sentry.native/0.4.12
x-sentry-auth: Sentry sentry_key=06798e99d7ee416faaf4e01cd2f1faaf, sentry_version=7, sentry_client=sentry.native/0.4.12
Content-Length: 351
Host: o428832.ingest.sentry.io
2024-12-09 00:03:55 UTC | 351 | OUT | Data Raw: 7b 22 64 73 6e 22 3a 22 68 74 74 70 73 3a 2f 2f 30 36 37 39 38 65 39 39 64 37 65 65 34 31 36 66 61 61 66 34 65 30 31 63 64 32 66 31 66 61 61 66 40 6f 34 32 38 38 33 32 2e 69 6e 67 65 73 74 2e 73 65 6e 74 72 79 2e 69 6f 2f 35 34 32 30 31 39 34 22 7d 0a 7b 22 74 79 70 65 22 3a 22 73 65 73 73 69 6f 6e 22 2c 22 6c 65 6e 67 74 68 22 3a 32 33 35 7d 0a 7b 22 69 6e 69 74 22 3a 74 72 75 65 2c 22 73 69 64 22 3a 22 35 35 32 61 36 64 63 34 2d 32 39 35 66 2d 34 30 61 64 2d 66 31 64 38 2d 63 31 38 63 31 62 32 31 31 39 64 34 22 2c 22 73 74 61 74 75 73 22 3a 22 65 78 69 74 65 64 22 2c 22 64 69 64 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 65 72 72 6f 72 73 22 3a 30 2c 22 73 74 61 72 74 65
Data Ascii: {"dsn":"https://06798e99d7ee416faaf4e01cd2f1faaf@o428832.ingest.sentry.io/5420194"}{"type":"session","length":235}{"init":true,"sid":"552a6dc4-295f-40ad-f1d8-c18c1b2119d4","status":"exited","did":"9e146be9-c76a-4720-bcdb-53011b87bd06","errors":0,"starte
2024-12-09 00:03:55 UTC | 530 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 09 Dec 2024 00:03:55 GMT
Content-Type: application/json
vary: origin, access-control-request-method, access-control-request-headers
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
Transfer-Encoding: chunked
2024-12-09 00:03:55 UTC | 12 | IN | Data Raw: 32 0d 0a 7b 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 2{}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49811 | 104.26.3.25 | 443 | 4020 | C:\Users\user\Programs\Adblock\DnsService.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:03:57 UTC | 89 | OUT | GET /adblockfast/domains/custom.conf HTTP/1.1
Host: cdn.computewall.com
Accept: */*
2024-12-09 00:03:58 UTC | 1015 | IN | HTTP/1.1 200 OK
Date: Mon, 09 Dec 2024 00:03:58 GMT
Content-Type: binary/octet-stream
Content-Length: 1053
Connection: close
x-amz-id-2: UMaBr4r46khr5pgkVo6S7OFUdQzmRSgnEMS+/p1HmMvsriJWHBhjTOFjBJ9VjIOveUKSpaU4md0=
x-amz-request-id: 05K04P6MVD5PN9XS
Last-Modified: Mon, 01 Aug 2022 16:14:05 GMT
ETag: "05226da431db1b2ac252543672d35e26"
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KPG6MIIW2RKaZ%2BVDaAhcw%2FqjFLJcNLiosLNRmI%2FrN2eOW0ctohE6%2FY1KHMFwqWuWidMnlPZqB04UMPcPx0Gd8TgyIYm2QlnubdAHRpPO2xtCKfwuC0T0huicm0cUqDJsuOv7Dg0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ef0bc3059347cab-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1984&min_rtt=1968&rtt_var=750&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=727&delivery_rate=1483739&cwnd=192&unsent_bytes=0&cid=c74b22389dcdbfb5&ts=523&x=0"
2024-12-09 00:03:58 UTC | 354 | IN | Data Ascii: ads.google.commedia.fastclick.netanalyticsengine.s3.amazonaws.comaffiliationjs.s3.amazonaws.comadvertising-api-eu.amazon.comamazonclix.commouseflow.comfreshmarketer.comluckyorange.comcdn.luckyorange.comw1.luckyorange.comupload.luckyorange.netc
2024-12-09 00:03:58 UTC | 699 | IN | Data Ascii: .comads.linkedin.comanalytics.pointdrive.linkedin.comads-dev.pinterest.comanalytics.pinterest.comwidgets.pinterest.comads.reddit.comd.reddit.comrereddit.comanalytics.tiktok.comads.tiktok.comanalytics-sg.tiktok.comads-sg.tiktok.comappmetrica.y


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49812 | 18.165.220.32 | 443 | 5516 | C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:04:03 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 485
Host: api.joinmassive.com
2024-12-09 00:04:03 UTC | 485 | OUT | Data Ascii: {"@timestamp":1733702641000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702641","version":"2.6.0"}, "data":{"version":"0.12.0", "downloadDate":"2024
2024-12-09 00:04:04 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:04:03 GMT
X-Amzn-Trace-Id: Root=1-675633f3-773630987b46bb3705909c86
x-amzn-RequestId: 0de0934e-c36d-4fe1-926e-995e594ee6d2
x-amz-apigw-id: Cf0OIEOZoAMEo4g=
X-Cache: Miss from cloudfront
Via: 1.1 358b28eebad5be133b48dbeaa3a5bbdc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: AOPKTFiOoyilalfU9ajMm9ItY6Hu8yUadyhwosayzlU6wJ1ZZy1XXQ==
2024-12-09 00:04:04 UTC | 20 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49814 | 18.165.220.32 | 443 | 5516 | C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:04:05 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 333
Host: api.joinmassive.com
2024-12-09 00:04:05 UTC | 333 | OUT | Data Ascii: {"@timestamp":1733702643000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerQuit","productId":"AdblockInstaller","sessionId":"9e146be91733702641","version":"2.6.0"}, "data":{"version":"0.12.0", "pageName":"Adblock",
2024-12-09 00:04:06 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:04:06 GMT
X-Amzn-Trace-Id: Root=1-675633f6-3de8e38c3d90c7397490d777
x-amzn-RequestId: 214c5656-c4ee-462e-98ae-43dac34c46d1
x-amz-apigw-id: Cf0OjEcboAMEmOg=
X-Cache: Miss from cloudfront
Via: 1.1 197697b195c6b318459fc725f7d28906.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: b6uQmjsCVrVaYdkszVkTrG0bTHB5Tw42bfDp3S9Ki2cGti0p4IDi1w==
2024-12-09 00:04:06 UTC | 20 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49952 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:04 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:05:05 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 b3dbb97569270e51c273861ab047e104.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: q1im2ljuiwEbQxy4mIex250TEYsiR3GdjE6A2etvtV_TQ7Jhjsxjag==
                                                                                                                                                                                                                                        Age: 3798
2024-12-09 00:05:05 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49958 | 104.26.15.74 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:06 UTC | 152 | OUT | GET /939/AdblockInstaller.exe HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.adblockfast.com
Cache-Control: no-cache
2024-12-09 00:05:06 UTC | 939 | IN | HTTP/1.1 200 OK
Date: Mon, 09 Dec 2024 00:05:06 GMT
Content-Type: application/x-msdownload
Content-Length: 14500368
Connection: close
ETag: "ef6450ab524057924408dbe29991e99e"
Last-Modified: Wed, 27 Mar 2024 15:14:57 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5420
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N0wnmF0XRWlqX3COiXAfH4k9bM4qNR%2F0VrHIG4jD8nXCO2NYwM2kao0rMU3rKRZy7BlYKnH9J%2BiXgDBON84Pg7FrraqgOEItd9gydPaVotUDze%2F840TqEWGHiuKfEsq%2FWl8Faj9GcrlVTu8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8ef0bddd6d447295-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1980&min_rtt=1974&rtt_var=752&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=790&delivery_rate=1443400&cwnd=206&unsent_bytes=0&cid=656fcad43f1db18a&ts=452&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49990 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:17 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:05:18 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 fa9f306901fa36a9526beb376b34f5cc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH52-C1
X-Amz-Cf-Id: gdeIXI6dSdwFdFJuWtHo7O6hnod4AoGZ5w-wa09XZ9XQeMYllFjTFg==
Age: 3812
2024-12-09 00:05:18 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 50030 | 18.165.220.23 | 443 | 5124 | C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:34 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: InnoSetup
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 485
                                                                                                                                                                                                                                        Host: api.joinmassive.com
2024-12-09 00:05:34 UTC | 485 | OUT | Data Ascii: {"@timestamp":1733702732000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702732","version":"2.6.0"}, "data":{"version":"0.12.0", "downloadDate":"2024
2024-12-09 00:05:35 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:05:35 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-6756344e-469287224be3830616b07b10
                                                                                                                                                                                                                                        x-amzn-RequestId: cf7bef40-f32f-4dae-872c-b7de52d7c27a
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0cZEPpIAMEHmA=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 b93a2a063e3f94fe345bc08072aed022.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 5HNL1q7WRI57I5qvu6uL2EKOUAz8zhkWt8zW7boYBHkHY20uShEzuw==
2024-12-09 00:05:35 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 50041 | 18.165.220.23 | 443 | 5124 | C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:38 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: InnoSetup
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 333
                                                                                                                                                                                                                                        Host: api.joinmassive.com
2024-12-09 00:05:38 UTC | 333 | OUT | Data Ascii: {"@timestamp":1733702734000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerQuit","productId":"AdblockInstaller","sessionId":"9e146be91733702732","version":"2.6.0"}, "data":{"version":"0.12.0", "pageName":"Adblock",
2024-12-09 00:05:38 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:05:38 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-67563452-7007b96a369975077e0ea47d
                                                                                                                                                                                                                                        x-amzn-RequestId: 4baee406-6523-45e2-9059-74f39c678560
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0c-ET1oAMEUpw=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 70e1e87190c65708c8aabee95d16ac0c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 3_qEABCEU3U917mtt7CH34iZJqWjstVIPC328DAk6U6ucf4iF7SbDw==
2024-12-09 00:05:38 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 50058 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:42 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:05:43 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 c8e9349b8673f322913cb659e1d72ada.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 8qpZGfjStV2t_DGvyPjp1pzwrzJW03S9zX-m8IVSuLFDF56LeiZghA==
                                                                                                                                                                                                                                        Age: 3836
2024-12-09 00:05:43 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 50064 | 104.26.15.74 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:44 UTC | 152 | OUT | GET /939/AdblockInstaller.exe HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.adblockfast.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:05:44 UTC | 935 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:05:44 GMT
                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                        Content-Length: 14500368
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        ETag: "ef6450ab524057924408dbe29991e99e"
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:14:57 GMT
                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                        Cache-Control: max-age=14400
                                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                                        Age: 5458
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjpqWvWpcXFy8VhZTBhFXOey0RfsRqltsjTaI45SJB1ry6SDPMCMcnhQtuK0F0bpPGLT9AIuDmrKJ5RDaRj6C6ZBoF6mt5YpiKwiIQJCtP0j%2BEs530ZCBDSV3GKEi%2FasuGDh1CtwaHNkj9o%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bec96c0f434f-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1711&rtt_var=645&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=790&delivery_rate=1692753&cwnd=209&unsent_bytes=0&cid=5e748443a64e56db&ts=453&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 50092 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:05:53 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:05:54 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 91c765f98e441d70899402f8a830d8b2.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: S6F7ZEoJ9QjwjGjw8H5eew0CmDOiNG8fUtUfBpU4ewOd8eFDvZWBVQ==
                                                                                                                                                                                                                                        Age: 3848
2024-12-09 00:05:54 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 50119 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:07 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:06:08 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 4214f1deb3d2a013e97687dc6dcb5be0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 3Hz9vMiFuGXz7EM82-kGEKW1cua9QjMaCgLurw6P6UF6z9sEDm3BxA==
                                                                                                                                                                                                                                        Age: 3862
2024-12-09 00:06:08 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 50120 | 104.26.15.74 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:09 UTC | 152 | OUT | GET /939/AdblockInstaller.exe HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.adblockfast.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:06:10 UTC | 943 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:06:10 GMT
                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                        Content-Length: 14500368
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        ETag: "ef6450ab524057924408dbe29991e99e"
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:14:57 GMT
                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                        Cache-Control: max-age=14400
                                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                                        Age: 5484
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZ1nauxFmctmj%2Fouq1Y1xH%2FI98qoa9KIv0xtg2L%2Begao5wJHtf2i62YL8Zu1d5DdnCIoV%2BwpBXYm6BMWil1Rl0D721LtCXKkhwhVqXCzyri3%2B0mMxqzlQ0%2B3t2D4D5gyytESwe5TTYIUhB8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0bf68ea6f0f85-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1486&min_rtt=1478&rtt_var=571&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=790&delivery_rate=1886304&cwnd=204&unsent_bytes=0&cid=ccd8fa1fba7a9f44&ts=454&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 50121 | 18.165.220.75 | 443 | 1312 | C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:10 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 485
Host: api.joinmassive.com
2024-12-09 00:06:10 UTC | 485 | OUT | Data Ascii: {"@timestamp":1733702768000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702768","version":"2.6.0"}, "data":{"version":"0.12.0", "downloadDate":"2024
2024-12-09 00:06:11 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:06:11 GMT
X-Amzn-Trace-Id: Root=1-67563473-52fab7e4140656b03d1b6766
x-amzn-RequestId: 843f2794-16dd-46c1-9ac3-960cf9a095a0
x-amz-apigw-id: Cf0iEGMaoAMEKXw=
X-Cache: Miss from cloudfront
Via: 1.1 90772e5ec48c9653874b9b06fe89ab50.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: RyYkitHVf5y7M5xV6W29R-rHKu_eBL0v65aKYyJSmnZKyoY9Ozhayw==
2024-12-09 00:06:11 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 50123 | 18.165.220.75 | 443 | 1312 | C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:14 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 333
Host: api.joinmassive.com
2024-12-09 00:06:14 UTC | 333 | OUT | Data Ascii: {"@timestamp":1733702771000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerQuit","productId":"AdblockInstaller","sessionId":"9e146be91733702768","version":"2.6.0"}, "data":{"version":"0.12.0", "pageName":"Adblock",
2024-12-09 00:06:15 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:06:14 GMT
X-Amzn-Trace-Id: Root=1-67563476-4d9275fc1c4c29802aeea6f9
x-amzn-RequestId: f6d76c54-b5e1-4b6c-8816-8d09e6aea076
x-amz-apigw-id: Cf0ipHc6IAMEabA=
X-Cache: Miss from cloudfront
Via: 1.1 f0e28236e1c4da7e6a02d601c5d0ceca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: RLno-ImFN1C05DuD2-TB3ePOJoe5Io7mkrl1osIS5R242o_YSKiDfA==
2024-12-09 00:06:15 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 50130 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:16 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:06:17 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 4214f1deb3d2a013e97687dc6dcb5be0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH52-C1
X-Amz-Cf-Id: AQ0cYyjq4MrRxqccBIhsYcQo9spX3VtDZOzhPcc4gFIKyq3aEA-G6Q==
Age: 3871
2024-12-09 00:06:17 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 50137 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:31 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:06:32 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 1bf6ea4837f8cd88590dc123580561e4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH52-C1
X-Amz-Cf-Id: S6_ESYNmPKebibw3UWELJdljH85KCHn-6K3EJDNpdREIL1KkW3uRTA==
Age: 3886
2024-12-09 00:06:32 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 50144 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:34 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:06:34 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 1241383d78ff446be9051642d11fa7a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH52-C1
X-Amz-Cf-Id: yRPTxuK0gdTYuHIti2X2kXcEG_pFOmN6yJtY-cBq7xYEd7tgkX7hcQ==
Age: 3888
2024-12-09 00:06:34 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 50145 | 18.165.220.75 | 443 | 2852 | C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:35 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 485
Host: api.joinmassive.com
2024-12-09 00:06:35 UTC | 485 | OUT | Data Ascii: {"@timestamp":1733702793000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702793","version":"2.6.0"}, "data":{"version":"0.12.0", "downloadDate":"2024
2024-12-09 00:06:36 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:06:36 GMT
X-Amzn-Trace-Id: Root=1-6756348c-3a76994e0dc5bc803193603a
x-amzn-RequestId: 7d05e38c-057e-4752-ad1e-4b3ec213cc26
x-amz-apigw-id: Cf0l9EudIAMEgCg=
X-Cache: Miss from cloudfront
Via: 1.1 8192d9c2a41eb0d51bafc2c7271a2a64.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: _Yz_H5Z7ZNEkhzwTfilsszrfi-ubewvYnEI780IKPFgEvMl_iK1XpA==
2024-12-09 00:06:36 UTC | 20 | IN | Data Ascii: {"status":"Success"}


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        44192.168.2.450146104.26.15.744437932C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:36 UTC | 152 | OUT | GET /939/AdblockInstaller.exe HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.adblockfast.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:06:36 UTC | 935 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:06:36 GMT
                                                                                                                                                                                                                                        Content-Type: application/x-msdownload
                                                                                                                                                                                                                                        Content-Length: 14500368
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        ETag: "ef6450ab524057924408dbe29991e99e"
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:14:57 GMT
                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                        Cache-Control: max-age=14400
                                                                                                                                                                                                                                        CF-Cache-Status: HIT
                                                                                                                                                                                                                                        Age: 5510
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TYAwdF%2BUocd1rCiHTlXK6CWGYWxFd3sP%2BIvF7tS8pMTnpTY9hYLZbgv6rc8Lwq9KO55V6JMFMS65fVwM3qRQYgFmOT3XWrLpt64r3nVdWAk5IhUvYcnr1RTtSftlzPwGsx7uaaQIUqyNMes%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8ef0c00facd07c8e-EWR
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1976&min_rtt=1963&rtt_var=763&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2839&recv_bytes=790&delivery_rate=1409946&cwnd=248&unsent_bytes=0&cid=f3693324254da268&ts=454&x=0"


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        45192.168.2.45014718.165.220.754432852C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:38 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/json; Charset=UTF-8
                                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                                        User-Agent: InnoSetup
                                                                                                                                                                                                                                        x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
                                                                                                                                                                                                                                        Content-Length: 333
                                                                                                                                                                                                                                        Host: api.joinmassive.com
2024-12-09 00:06:38 UTC | 333 | OUT | Data Raw: 7b 22 40 74 69 6d 65 73 74 61 6d 70 22 3a 31 37 33 33 37 30 32 37 39 36 30 30 30 2c 20 22 69 6e 66 6f 22 3a 7b 22 61 6e 6f 6e 49 64 22 3a 22 39 65 31 34 36 62 65 39 2d 63 37 36 61 2d 34 37 32 30 2d 62 63 64 62 2d 35 33 30 31 31 62 38 37 62 64 30 36 22 2c 22 74 79 70 65 22 3a 22 49 6e 66 6f 22 2c 22 6e 61 6d 65 22 3a 22 49 6e 73 74 61 6c 6c 65 72 51 75 69 74 22 2c 22 70 72 6f 64 75 63 74 49 64 22 3a 22 41 64 62 6c 6f 63 6b 49 6e 73 74 61 6c 6c 65 72 22 2c 22 73 65 73 73 69 6f 6e 49 64 22 3a 22 39 65 31 34 36 62 65 39 31 37 33 33 37 30 32 37 39 33 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 32 2e 36 2e 30 22 7d 2c 20 22 64 61 74 61 22 3a 7b 22 76 65 72 73 69 6f 6e 22 3a 22 30 2e 31 32 2e 30 22 2c 20 22 70 61 67 65 4e 61 6d 65 22 3a 22 41 64 62 6c 6f 63 6b 22 2c
                                                                                                                                                                                                                                        Data Ascii: {"@timestamp":1733702796000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerQuit","productId":"AdblockInstaller","sessionId":"9e146be91733702793","version":"2.6.0"}, "data":{"version":"0.12.0", "pageName":"Adblock",
2024-12-09 00:06:38 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: application/json
                                                                                                                                                                                                                                        Content-Length: 20
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Date: Mon, 09 Dec 2024 00:06:38 GMT
                                                                                                                                                                                                                                        X-Amzn-Trace-Id: Root=1-6756348e-504b0c6c3b12e8b47294da2f
                                                                                                                                                                                                                                        x-amzn-RequestId: 2c99a3ce-cf83-4c47-91c4-596495b75510
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0mVH8uoAMERkA=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 ad4641cb3263eb2a4233d70631a033f6.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: knFVbP163Qr7M9YvaO-g35v4F_JWR1IAKTgT5l8udHJYBufjWr9xjg==
2024-12-09 00:06:38 UTC | 20 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 53 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                                        Data Ascii: {"status":"Success"}


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        46192.168.2.45015418.66.161.1054437932C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:41 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
                                                                                                                                                                                                                                        User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
                                                                                                                                                                                                                                        Host: downloads.joinmassive.com
                                                                                                                                                                                                                                        Cache-Control: no-cache
2024-12-09 00:06:42 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                                                                                                        Content-Length: 1047
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
                                                                                                                                                                                                                                        x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                        Server: AmazonS3
                                                                                                                                                                                                                                        Date: Sun, 08 Dec 2024 23:01:47 GMT
                                                                                                                                                                                                                                        ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
                                                                                                                                                                                                                                        X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 4214f1deb3d2a013e97687dc6dcb5be0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH52-C1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: Vsmm3twzWq5TEZm_rD4TYFOaTCI_2PH9kazpIRqh6hnshtJYFZGpUA==
                                                                                                                                                                                                                                        Age: 3896
                                                                                                                                                                                                                                        2024-12-09 00:06:42 UTC1047INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 49 53 4f 2d 38 38 35 39 2d 31 22 3f 3e 0d 0a 3c 72 73 73 20 78 6d 6c 6e 73 3a 73 70 61 72 6b 6c 65 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 64 79 6d 61 74 75 73 63 68 61 6b 2e 6f 72 67 2f 78 6d 6c 2d 6e 61 6d 65 73 70 61 63 65 73 2f 73 70 61 72 6b 6c 65 22 20 76 65 72 73 69 6f 6e 3d 22 32 2e 30 22 3e 0d 0a 20 20 20 20 3c 63 68 61 6e 6e 65 6c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 41 64 62 6c 6f 63 6b 20 46 61 73 74 20 66 6f 72 20 57 69 6e 64 6f 77 73 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 3e 68 74 74 70 73 3a 2f 2f 64 6f 77 6e 6c 6f 61 64 73 2e 6a 6f 69 6e 6d 61 73 73 69 76 65 2e 63 6f 6d 2f 61 64 62 6c 6f 63 6b 66 61
                                                                                                                                                                                                                                        Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 50161 | 18.66.161.105 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:06:50 UTC | 170 | OUT | GET /adblockfast/marketator/windows/appcast.xml HTTP/1.1
User-Agent: Adblock/0.3.2 WinSparkle/0.7.0 (Win64)
Host: downloads.joinmassive.com
Cache-Control: no-cache
2024-12-09 00:06:51 UTC | 494 | IN | HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 1047
Connection: close
Last-Modified: Wed, 27 Mar 2024 15:18:13 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Sun, 08 Dec 2024 23:01:47 GMT
ETag: "a48b2f085c3dc38d7e60a54dfb39a493"
X-Cache: Hit from cloudfront
Via: 1.1 c3ae0fb6fa0fe401f27d2841c609ccee.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH52-C1
X-Amz-Cf-Id: EpWrNGykPL5pVlAMFQiUR86MGwTGyF8KyxZinAsPo0WsQ-24Cw7Wdw==
Age: 3904
2024-12-09 00:06:51 UTC | 1047 | IN | Data Ascii: <?xml version="1.0" encoding="ISO-8859-1"?><rss xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle" version="2.0"> <channel> <title>Adblock Fast for Windows</title> <link>https://downloads.joinmassive.com/adblockfa


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 50162 | 18.165.220.75 | 443 | 2004 | C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:07:03 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 485
Host: api.joinmassive.com
2024-12-09 00:07:03 UTC | 485 | OUT | Data Ascii: {"@timestamp":1733702820000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerStart","productId":"AdblockInstaller","sessionId":"9e146be91733702820","version":"2.6.0"}, "data":{"version":"0.12.0", "downloadDate":"2024
2024-12-09 00:07:04 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:07:03 GMT
X-Amzn-Trace-Id: Root=1-675634a7-4aeddeea340e2d7a4307e3ab
x-amzn-RequestId: 56280af3-c89b-49f1-9931-56b89de26fc3
x-amz-apigw-id: Cf0qSFLBIAMEiWg=
X-Cache: Miss from cloudfront
Via: 1.1 fb6afc857f0eaed863f06738b3882546.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: I00TVU6j688dJaTdBpuJoRssqVohxmNljXRDvEJ3Zeh5HxHYuiUpXg==
2024-12-09 00:07:04 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 50164 | 18.165.220.75 | 443 | 2004 | C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:07:07 UTC | 262 | OUT | POST /telemetry?source=installer&env=prod HTTP/1.1
Connection: Keep-Alive
Content-Type: application/json; Charset=UTF-8
Accept: */*
User-Agent: InnoSetup
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 333
Host: api.joinmassive.com
2024-12-09 00:07:07 UTC | 333 | OUT | Data Ascii: {"@timestamp":1733702823000, "info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","type":"Info","name":"InstallerQuit","productId":"AdblockInstaller","sessionId":"9e146be91733702820","version":"2.6.0"}, "data":{"version":"0.12.0", "pageName":"Adblock",
2024-12-09 00:07:07 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 20
Connection: close
Date: Mon, 09 Dec 2024 00:07:07 GMT
X-Amzn-Trace-Id: Root=1-675634ab-4809554f3c3f191044536ddf
x-amzn-RequestId: 2b64b8e9-b53d-41d3-ad46-2fb415b94ac4
x-amz-apigw-id: Cf0q2GxpoAMEBGw=
X-Cache: Miss from cloudfront
Via: 1.1 47ee4fe14f23efe91f211cb8c7e62ea8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: BAH53-P1
X-Amz-Cf-Id: zdJfj-RAr3MeVd2LfJVdV7cSrp0_BsNlHff5QHnBGYX1hph_4UOO7w==
2024-12-09 00:07:07 UTC | 20 | IN | Data Ascii: {"status":"Success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 50170 | 18.165.220.23 | 443 | 7932 | C:\Users\user\Programs\Adblock\Adblock.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-09 00:07:20 UTC | 256 | OUT | POST /telemetry/ping?source=app&productId=adblockfast&distId=marketator&env=prod HTTP/1.1
Host: api.joinmassive.com
Accept: */*
x-api-key: vdHv1LwOhm9xuH340hel68pg6cW5X5T96CjMZrof
Content-Length: 315
Content-Type: application/x-www-form-urlencoded
2024-12-09 00:07:20 UTC | 315 | OUT | Data Ascii: {"@timestamp":1735769487041,"data":{"activeTime":2342,"distId":"marketator","postbackId":"380959ea-7312-4492-9881-540e80035e0f","publisherId":"741"},"info":{"anonId":"9e146be9-c76a-4720-bcdb-53011b87bd06","name":"ActivityPing","productId":"adblockfast","s
2024-12-09 00:07:21 UTC | 473 | IN | HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 16
Connection: close
Date: Mon, 09 Dec 2024 00:07:20 GMT
X-Amzn-Trace-Id: Root=1-675634b8-413271d0497e33be08dc94d7
                                                                                                                                                                                                                                        x-amzn-RequestId: 0a6eea9b-450e-41c1-afec-9e7a77f35099
                                                                                                                                                                                                                                        x-amz-apigw-id: Cf0s8FKhoAMEb-Q=
                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                        Via: 1.1 1c642e00a55bc084d1dd63dc30d4a59a.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                        X-Amz-Cf-Pop: BAH53-P1
                                                                                                                                                                                                                                        X-Amz-Cf-Id: 21qiRh1yyoENwEqtHRw30bYMyxUlVeaQq8hOByzMQG3YjxXRZY4Jsw==
                                                                                                                                                                                                                                        2024-12-09 00:07:21 UTC16INData Raw: 7b 22 69 6e 74 65 72 76 61 6c 22 3a 36 30 30 7d
                                                                                                                                                                                                                                        Data Ascii: {"interval":600}



                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                        Start time:19:03:09
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\Software_Tool.exe"
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:16'489'120 bytes
                                                                                                                                                                                                                                        MD5 hash:9AF27765527617E9D75B5EE6B418C8D6
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:19:03:10
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:16'421'784 bytes
                                                                                                                                                                                                                                        MD5 hash:8D7DB88F1FB9C7308F7368AE65E3F0EF
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 38%, ReversingLabs
                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                        Start time:19:03:10
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp" /SL5="$10472,15557677,792064,C:\Users\user\AppData\Local\Temp\sibCCCF.tmp\0\AdblockInstaller.exe" /pid=741
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:3'137'376 bytes
                                                                                                                                                                                                                                        MD5 hash:1228C03BA840482EAC14E25B727F65B5
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 2%, ReversingLabs
                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:3
                                                                                                                                                                                                                                        Start time:19:03:11
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                        Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:5
                                                                                                                                                                                                                                        Start time:19:03:22
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\taskkill.exe" /f /im Adblock.exe
                                                                                                                                                                                                                                        Imagebase:0xe40000
                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                                        Start time:19:03:22
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Programs\Adblock\Adblock.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Programs\Adblock\Adblock.exe" --installerSessionId=9e146be91733702593 --downloadDate=2022-12-17T04:04:11 --distId=marketator --pid=741
                                                                                                                                                                                                                                        Imagebase:0x800000
                                                                                                                                                                                                                                        File size:5'698'400 bytes
                                                                                                                                                                                                                                        MD5 hash:C7119E2A05DB13F4888321D28E215C07
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"cmd.exe" /c "reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f"
                                                                                                                                                                                                                                        Imagebase:0x7ff7aaa40000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:reg copy HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /s /f
                                                                                                                                                                                                                                        Imagebase:0x7ff70b910000
                                                                                                                                                                                                                                        File size:77'312 bytes
                                                                                                                                                                                                                                        MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:moderate
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Programs\Adblock\crashpad_handler.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\414f9625-3a8c-41b0-3597-6dcd24f5967d.run\__sentry-breadcrumb2" --initial-client-data=0x404,0x408,0x40c,0x3d8,0x410,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
                                                                                                                                                                                                                                        Imagebase:0x7ff7fe6a0000
                                                                                                                                                                                                                                        File size:935'264 bytes
                                                                                                                                                                                                                                        MD5 hash:CD2E0167F2E1092816F04BC174C13364
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                        Target ID:13
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:"cmd.exe" /c "reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f"
                                                                                                                                                                                                                                        Imagebase:0x7ff7aaa40000
                                                                                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:14
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:15
                                                                                                                                                                                                                                        Start time:19:03:26
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\System32\reg.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                        Commandline:reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{bf5b0da9-8494-48d2-811b-39ea7a64d8e0}_is1 /f
                                                                                                                                                                                                                                        Imagebase:0x7ff70b910000
                                                                                                                                                                                                                                        File size:77'312 bytes
                                                                                                                                                                                                                                        MD5 hash:227F63E1D9008B36BDBCC4B397780BE4
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:16
                                                                                                                                                                                                                                        Start time:19:03:29
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\taskkill.exe" /f /im MassiveEngine.exe
                                                                                                                                                                                                                                        Imagebase:0xe40000
                                                                                                                                                                                                                                        File size:74'240 bytes
                                                                                                                                                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Has exited:true

Target ID:17
Start time:19:03:29
Start date:08/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:19:03:32
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\Adblock.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\Adblock.exe --autorun
Imagebase:0x7ff704050000
File size:5'698'400 bytes
MD5 hash:C7119E2A05DB13F4888321D28E215C07
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:19:03:33
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\crashpad_handler.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\892bf85d-5afd-46c7-838f-b70cbb12bef9.run\__sentry-breadcrumb2" --initial-client-data=0x3b8,0x3ec,0x3f0,0x3c4,0x3f4,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Imagebase:0x7ff7fe6a0000
File size:935'264 bytes
MD5 hash:CD2E0167F2E1092816F04BC174C13364
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:19:03:40
Start date:08/12/2024
Path:C:\Windows\System32\netsh.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\netsh.exe firewall add allowedprogram "C:\Users\user\Programs\Adblock\DnsService.exe" AdBlockFast ENABLE
Imagebase:0x7ff7b22b0000
File size:96'768 bytes
MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:19:03:40
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\DnsService.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\DnsService.exe -install
Imagebase:0x7ff61a920000
File size:3'175'264 bytes
MD5 hash:97A08C6366F4589739209FDB43B4B3EC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:19:03:41
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\DnsService.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\DnsService.exe -start
Imagebase:0x7ff61a920000
File size:3'175'264 bytes
MD5 hash:97A08C6366F4589739209FDB43B4B3EC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:19:03:41
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\DnsService.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\DnsService.exe
Imagebase:0x7ff61a920000
File size:3'175'264 bytes
MD5 hash:97A08C6366F4589739209FDB43B4B3EC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:28
Start time:19:03:47
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\Adblock.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\Adblock.exe --autorun
Imagebase:0x7ff704050000
File size:5'698'400 bytes
MD5 hash:C7119E2A05DB13F4888321D28E215C07
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:19:03:47
Start date:08/12/2024
Path:C:\Users\user\Programs\Adblock\crashpad_handler.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\Programs\Adblock\crashpad_handler.exe --no-rate-limit "--database=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" "--metrics-dir=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps" --url=https://o428832.ingest.sentry.io:443/api/5420194/minidump/?sentry_client=sentry.native/0.4.12&sentry_key=06798e99d7ee416faaf4e01cd2f1faaf "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-event" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb1" "--attachment=C:\Users\user\AppData\Roaming\Adblock Fast\crashdumps\4f1ee8ad-f648-42a0-84cd-aa48201ba6e3.run\__sentry-breadcrumb2" --initial-client-data=0x3e0,0x3e4,0x3e8,0x2dc,0x3ec,0x7ff7043dbdd0,0x7ff7043dbdf0,0x7ff7043dbe08
Imagebase:0x7ff7fe6a0000
File size:935'264 bytes
MD5 hash:CD2E0167F2E1092816F04BC174C13364
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:19:03:58
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:14'500'368 bytes
MD5 hash:EF6450AB524057924408DBE29991E99E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 8%, ReversingLabs
Has exited:true

Target ID:32
Start time:19:03:59
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-ORAD7.tmp\AdblockInstaller.tmp" /SL5="$404FC,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-f9a893af-27a4-4488-9c6d-783c7d287a89\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:3'140'440 bytes
MD5 hash:F5FE7ED5E8DCD06DD915D9D1015F63F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:34
Start time:19:05:30
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:14'500'368 bytes
MD5 hash:EF6450AB524057924408DBE29991E99E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 8%, ReversingLabs
Has exited:true

Target ID:35
Start time:19:05:30
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-U8PSD.tmp\AdblockInstaller.tmp" /SL5="$C0254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-dfee793e-297d-42d2-b616-4dbdea78ddcf\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:3'140'440 bytes
MD5 hash:F5FE7ED5E8DCD06DD915D9D1015F63F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:36
Start time:19:06:06
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:14'500'368 bytes
MD5 hash:EF6450AB524057924408DBE29991E99E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 8%, ReversingLabs
Has exited:true

Target ID:37
Start time:19:06:06
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-L7L2V.tmp\AdblockInstaller.tmp" /SL5="$140254,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-cdacc1b8-9371-4b3c-8b87-e89d4cef668a\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:3'140'440 bytes
MD5 hash:F5FE7ED5E8DCD06DD915D9D1015F63F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:38
Start time:19:06:32
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:14'500'368 bytes
MD5 hash:EF6450AB524057924408DBE29991E99E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 8%, ReversingLabs
Has exited:true

Target ID:39
Start time:19:06:32
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-DR22G.tmp\AdblockInstaller.tmp" /SL5="$904E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-1e543551-baf7-43ec-9b00-2d605b159d09\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:3'140'440 bytes
MD5 hash:F5FE7ED5E8DCD06DD915D9D1015F63F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:true

Target ID:40
Start time:19:06:58
Start date:08/12/2024
Path:C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
Imagebase:0x400000
File size:14'500'368 bytes
MD5 hash:EF6450AB524057924408DBE29991E99E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 8%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Target ID:41
                                                                                                                                                                                                                                        Start time:19:06:59
                                                                                                                                                                                                                                        Start date:08/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\is-ML4IC.tmp\AdblockInstaller.tmp" /SL5="$1104E6,13644040,792064,C:\Users\user\AppData\Local\Temp\Update-74140fec-9303-423c-852a-3018c27d3dc1\AdblockInstaller.exe" /SP- /VERYSILENT /NOICONS /SUPPRESSMSGBOXES /UPDATE
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        File size:3'140'440 bytes
                                                                                                                                                                                                                                        MD5 hash:F5FE7ED5E8DCD06DD915D9D1015F63F9
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:Borland Delphi
                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                        Has exited:true


                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:8.7%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:8.7%
                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                          Total number of Limit Nodes:39
6e1562f0 27 API calls _Error_objects 55840->55968 55963 6e15d710 29 API calls 3 library calls 55842->55963 55846 6e15d1da 55849 6e158660 _DebugHeapAllocator 27 API calls 55846->55849 55847 6e15d119 55848 6e158660 _DebugHeapAllocator 27 API calls 55847->55848 55850 6e15d13e ISource 55848->55850 55851 6e15d1ff ISource 55849->55851 55964 6e15d490 14 API calls 55850->55964 55969 6e15d490 14 API calls 55851->55969 55854 6e15d15f 55855 6e18f224 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 55854->55855 55856 6e15c71e 55855->55856 55856->55531 55858 6e15f5b0 65 API calls 55857->55858 55859 6e15c73c 55858->55859 55859->55538 55861 6e182441 65 API calls 55860->55861 55862 6e15d2d4 55861->55862 55863 6e15d3a4 55862->55863 55864 6e15d2e7 55862->55864 56007 6e15d4b0 16 API calls 55863->56007 55999 6e15d4e0 16 API calls 55864->55999 55867 6e15d3b6 Concurrency::details::ContextBase::GetWorkQueueIdentity 56008 6e182857 63 API calls 2 library calls 55867->56008 55868 6e15d2f9 Concurrency::details::ContextBase::GetWorkQueueIdentity 56000 6e182857 63 API calls 2 library calls 55868->56000 55871 6e15d31e 55872 6e15d33b Concurrency::details::ContextBase::GetWorkQueueIdentity 55871->55872 56001 6e182d44 63 API calls 8 library calls 55871->56001 56002 6e15d6e0 27 API calls _Error_objects 55872->56002 55873 6e15d3dd 55874 6e15d3fc Concurrency::details::ContextBase::GetWorkQueueIdentity 55873->55874 56009 6e182d44 63 API calls 8 library calls 55873->56009 56010 6e15d620 29 API calls 2 library calls 55874->56010 55879 6e15d359 56003 6e15e8b0 55879->56003 55880 6e15d41a 55882 6e15e8b0 _DebugHeapAllocator 27 API calls 55880->55882 55883 6e15d43f ISource 55882->55883 56011 6e15d490 14 API calls 55883->56011 55884 6e15d37e ISource 56006 6e15d490 14 API calls 55884->56006 55887 6e15d39f 55888 6e18f224 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 55887->55888 55889 6e15c7e1 55888->55889 55889->55583 55893 6e15f5bf Concurrency::details::ContextBase::GetWorkQueueIdentity 
55890->55893 55891 6e15f5d6 55892 6e15c862 55891->55892 55894 6e18258b 65 API calls 55891->55894 55896 6e15b4e0 55892->55896 55893->55891 56041 6e182d44 63 API calls 8 library calls 55893->56041 55894->55892 55897 6e15b513 55896->55897 55898 6e15b522 55897->55898 55899 6e15b568 55897->55899 56239 6e182b87 66 API calls 55898->56239 56042 6e15cfc0 55899->56042 55902 6e1829fe 65 API calls 55911 6e15b578 std::bad_exception::~bad_exception 55902->55911 55904 6e15b566 55938 6e15bd90 68 API calls 3 library calls 55904->55938 55907 6e15b533 55907->55904 55909 6e15af90 73 API calls 55907->55909 56240 6e157050 55907->56240 55909->55907 55911->55904 56045 6e15acf0 55911->56045 56084 6e15af90 55911->56084 56236 6e15cfe0 55911->56236 55912->55528 55913->55532 55914->55537 55915->55541 55916->55545 55917->55548 55918->55552 55919->55556 55920->55560 55921->55564 55922->55569 55923->55573 55924->55577 55925->55580 55926->55584 55927->55588 55928->55592 55929->55596 55930->55601 55931->55605 55932->55609 55933->55612 55934->55616 55935->55620 55936->55628 55937->55632 55938->55629 55940 6e18223c 65 API calls 55939->55940 55941 6e182a0e 55940->55941 55942 6e182a1c 55941->55942 55943 6e15f5b0 65 API calls 55941->55943 55942->55632 55943->55942 55970 6e1821f4 55944->55970 55947 6e15d094 55947->55830 55947->55831 55950 6e1824ac 55950->55947 55953 6e15f5b0 65 API calls 55950->55953 55951 6e1821f4 65 API calls 55952 6e18249a 55951->55952 55952->55947 55955 6e18223c 65 API calls 55952->55955 55954 6e1824ca 55953->55954 55954->55947 55984 6e182289 65 API calls Concurrency::details::ContextBase::GetWorkQueueIdentity 55954->55984 55955->55950 55957 6e1824dd 55957->55947 55985 6e182d44 63 API calls 8 library calls 55957->55985 55959 6e1824fa 55960->55834 55961->55838 55962->55842 55963->55847 55964->55854 55965->55835 55966->55839 55967->55840 55968->55846 55969->55854 55971 6e18222b Concurrency::details::ContextBase::GetWorkQueueIdentity 55970->55971 55972 6e182200 55970->55972 55995 
6e182d44 63 API calls 8 library calls 55971->55995 55973 6e182217 55972->55973 55986 6e18258b 55972->55986 55973->55947 55977 6e18223c 55973->55977 55976 6e18223b 55978 6e182278 Concurrency::details::ContextBase::GetWorkQueueIdentity 55977->55978 55979 6e182248 55977->55979 55998 6e182d44 63 API calls 8 library calls 55978->55998 55980 6e182261 55979->55980 55981 6e18258b 65 API calls 55979->55981 55980->55950 55980->55951 55981->55980 55983 6e182288 55984->55957 55985->55959 55987 6e1825a1 55986->55987 55992 6e18264b Concurrency::details::ContextBase::GetWorkQueueIdentity 55986->55992 55987->55992 55993 6e1825e2 55987->55993 55996 6e1578b0 26 API calls 2 library calls 55987->55996 55988 6e1826bf 55988->55973 55991 6e1826d3 55992->55988 55997 6e182d44 63 API calls 8 library calls 55992->55997 55993->55992 55994 6e1819d8 65 API calls 55993->55994 55994->55993 55995->55976 55996->55993 55997->55991 55998->55983 55999->55868 56000->55871 56001->55872 56002->55879 56012 6e15e820 56003->56012 56005 6e15e8c3 56005->55884 56006->55887 56007->55867 56008->55873 56009->55874 56010->55880 56011->55887 56013 6e15e831 _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity 56012->56013 56014 6e15e87e 56013->56014 56016 6e15e87c _DebugHeapAllocator Concurrency::details::ContextBase::GetWorkQueueIdentity 56013->56016 56017 6e15e862 Concurrency::details::ContextBase::GetWorkQueueIdentity std::ios_base::good 56013->56017 56034 6e15e770 27 API calls 2 library calls 56014->56034 56016->56005 56019 6e157630 56017->56019 56020 6e15764c 56019->56020 56021 6e15763f 56019->56021 56025 6e15765c Concurrency::details::ContextBase::GetWorkQueueIdentity std::ios_base::good 56020->56025 56036 6e1590c0 16 API calls _DebugHeapAllocator 56020->56036 56035 6e157580 16 API calls 2 library calls 56021->56035 56024 6e157647 56024->56016 56037 6e157c20 27 API calls _DebugHeapAllocator 56025->56037 56027 6e157683 56028 6e1576b0 _DebugHeapAllocator 56027->56028 56029 6e15768e 
_DebugHeapAllocator 56027->56029 56039 6e1579a0 25 API calls _memcpy_s 56028->56039 56038 6e1575f0 25 API calls __mbstowcs_l 56029->56038 56032 6e1576ab 56040 6e157980 16 API calls _DebugHeapAllocator 56032->56040 56034->56016 56035->56024 56036->56025 56037->56027 56038->56032 56039->56032 56040->56024 56041->55891 56244 6e15e920 56042->56244 56044 6e15b570 56044->55902 56263 6e167640 56045->56263 56085 6e158680 _Error_objects 16 API calls 56084->56085 56086 6e15afc0 56085->56086 56087 6e15afe5 56086->56087 56088 6e15b204 56086->56088 56393 6e15f680 66 API calls 56087->56393 56089 6e15f590 65 API calls 56088->56089 56433 6e15da10 56236->56433 56239->55907 56241 6e15705d 56240->56241 56243 6e157068 56241->56243 56486 6e1809ff KiUserExceptionDispatcher CallUnexpected 56241->56486 56243->55907 56245 6e15e934 56244->56245 56246 6e15e92f 56244->56246 56248 6e15ea7a 56245->56248 56254 6e15e9ca construct _memcpy_s _DebugHeapAllocator 56245->56254 56257 6e15e949 std::bad_exception::~bad_exception 56245->56257 56260 6e1809ff KiUserExceptionDispatcher CallUnexpected 56246->56260 56249 6e15eb75 56248->56249 56252 6e15ea89 construct _memcpy_s 56248->56252 56250 6e15ebfb _DebugHeapAllocator 56249->56250 56261 6e1809ff KiUserExceptionDispatcher CallUnexpected 56249->56261 56262 6e1577a0 26 API calls 2 library calls 56250->56262 56255 6e15acf0 92 API calls 56252->56255 56252->56257 56256 6e15acf0 92 API calls 56254->56256 56254->56257 56255->56252 56256->56254 56257->56044 56258 6e15ec37 construct _memcpy_s 56258->56257 56259 6e15acf0 92 API calls 56258->56259 56259->56258 56262->56258 56264 6e158680 _Error_objects 16 API calls 56263->56264 56265 6e16766e 56264->56265 56434 6e15da1d 56433->56434 56435 6e15da22 56433->56435 56480 6e1809ff KiUserExceptionDispatcher CallUnexpected 56434->56480 56436 6e15da3e 56435->56436 56438 6e15e920 92 API calls 56435->56438 56441 6e15e590 56436->56441 56438->56436 56487->55639 56489 6e158d20 
Concurrency::details::ContextBase::GetWorkQueueIdentity 27 API calls 56488->56489 56490 6e157cd5 56489->56490 56491 6e158e50 Concurrency::details::ContextBase::GetWorkQueueIdentity 16 API calls 56490->56491 56492 6e157ce4 56491->56492 56493 6e190e77 GetTempPathW 56492->56493 56494 6e190eaa 56493->56494 56495 6e190f00 GetLastError 56493->56495 56494->56495 56496 6e190eae GetTempFileNameW 56494->56496 56498 6e190ed5 56495->56498 56497 6e190ec9 GetLastError 56496->56497 56496->56498 56497->56498 56499 6e18f224 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 56498->56499 56500 6e161438 56499->56500 56500->55411 56502 6e19138f GetLastError 56501->56502 56505 6e19139c 56501->56505 56503 6e1913a3 56502->56503 56502->56505 56506 6e1913b0 56503->56506 56516 6e19144c GetFileAttributesW 56503->56516 56505->55420 56506->56505 56507 6e191373 GetFileAttributesW 56506->56507 56508 6e1913ef 56507->56508 56508->56505 56509 6e1913fb CreateDirectoryW 56508->56509 56510 6e191409 GetLastError 56509->56510 56511 6e191419 56509->56511 56510->56511 56511->56505 56512->55416 56513->55413 56514->55424 56515->55426 56517 6e191460 56516->56517 56517->56506 56550 6e162db0 56518->56550 56569 6e162e20 56521->56569 56523 6e160ea5 56524 6e161840 56523->56524 56525 6e16188b 56524->56525 56529 6e1618c8 swap 56524->56529 56574 6e162290 25 API calls swap 56525->56574 56527 6e1618b0 56575 6e161e20 25 API calls Concurrency::details::VirtualProcessorRoot::Subscribe 56527->56575 56529->55463 56531 6e162203 task swap 56530->56531 56576 6e162f60 56531->56576 56535 6e155ee9 56534->56535 56536 6e155edf Concurrency::details::ContextBase::GetWorkQueueIdentity 56534->56536 56535->55445 56536->56535 56591 6e1568e0 27 API calls Concurrency::details::ContextBase::GetWorkQueueIdentity 56536->56591 56539 6e156770 _Error_objects 16 API calls 56538->56539 56540 6e1558f0 56539->56540 56540->55454 56541 6e1559f0 27 API calls 5 library calls 56540->56541 56541->55458 56542->55468 56543->55474 56544->55476 
56545->55478 56546->55454 56547->55461 56548->55466 56549->55429 56551 6e162dc3 task 56550->56551 56554 6e163450 56551->56554 56564 6e163457 56554->56564 56555 6e16346a 56565 6e163c10 25 API calls 4 library calls 56555->56565 56556 6e16348a 56566 6e163d60 25 API calls 3 library calls 56556->56566 56558 6e162196 56558->55448 56561 6e16349c 56567 6e163e20 25 API calls 56561->56567 56563 6e163450 25 API calls 56563->56564 56564->56555 56564->56556 56564->56563 56568 6e163e60 5 API calls allocator 56564->56568 56565->56558 56566->56561 56567->56558 56568->56564 56571 6e162e33 allocator task swap 56569->56571 56570 6e162ee2 56570->56523 56571->56570 56573 6e162c40 25 API calls swap 56571->56573 56573->56571 56574->56527 56575->56529 56584 6e162f67 56576->56584 56577 6e162f7a 56587 6e163590 25 API calls 3 library calls 56577->56587 56578 6e162f9a 56588 6e1636e0 25 API calls 3 library calls 56578->56588 56582 6e162fac 56589 6e1637a0 25 API calls 56582->56589 56584->56577 56584->56578 56586 6e162f60 25 API calls 56584->56586 56590 6e1637e0 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 56584->56590 56585 6e160f09 56585->55471 56586->56584 56587->56585 56588->56582 56589->56585 56590->56584 56591->56535 56596 6e1566f1 Concurrency::details::ContextBase::GetWorkQueueIdentity 56592->56596 56593 6e155fef 56598 6e156620 56593->56598 56595 6e15673e Concurrency::details::ContextBase::GetWorkQueueIdentity 56595->56593 56611 6e1568e0 27 API calls Concurrency::details::ContextBase::GetWorkQueueIdentity 56595->56611 56596->56595 56608 6e157780 56596->56608 56599 6e156631 Concurrency::details::ContextBase::GetWorkQueueIdentity 56598->56599 56600 6e157780 Concurrency::details::ContextBase::GetWorkQueueIdentity GetStringTypeW 56599->56600 56602 6e156658 Concurrency::details::ContextBase::GetWorkQueueIdentity std::ios_base::good 56599->56602 56600->56599 56601 6e155ff6 56601->55213 56602->56601 56603 6e158d20 
Concurrency::details::ContextBase::GetWorkQueueIdentity 27 API calls 56602->56603 56604 6e156688 std::ios_base::good 56603->56604 56620 6e1578b0 26 API calls 2 library calls 56604->56620 56606 6e1566c7 56607 6e158ea0 Concurrency::details::ContextBase::GetWorkQueueIdentity 16 API calls 56606->56607 56607->56601 56612 6e19f174 56608->56612 56611->56593 56615 6e1a4a66 56612->56615 56616 6e15778d 56615->56616 56617 6e1a4a83 56615->56617 56616->56596 56617->56616 56619 6e1ab71c GetStringTypeW 56617->56619 56619->56616 56620->56606 56641 6e1a4b9a 56621->56641 56625 6e1a1741 56626 6e1a1748 GetModuleHandleExW 56625->56626 56627 6e1a1765 56625->56627 56626->56627 56628 6e1a1695 16 API calls 56627->56628 56629 6e1a176d 56628->56629 56629->55228 56629->55233 56630->55227 56631->55230 56632->55233 56634 6e1a16a1 56633->56634 56635 6e1a16c5 56633->56635 56636 6e1a16b0 56634->56636 56637 6e1a16a7 CloseHandle 56634->56637 56635->55236 56638 6e1a16bf 56636->56638 56639 6e1a16b6 FreeLibrary 56636->56639 56637->56636 56640 6e1a391e _free 14 API calls 56638->56640 56639->56638 56640->56635 56646 6e1a4ba7 _unexpected 56641->56646 56642 6e1a4be7 56655 6e195554 14 API calls _memcpy_s 56642->56655 56643 6e1a4bd2 RtlAllocateHeap 56644 6e1a1734 56643->56644 56643->56646 56648 6e1a391e 56644->56648 56646->56642 56646->56643 56654 6e1a985d EnterCriticalSection LeaveCriticalSection _unexpected 56646->56654 56649 6e1a3929 HeapFree 56648->56649 56650 6e1a3952 _free 56648->56650 56649->56650 56651 6e1a393e 56649->56651 56650->56625 56656 6e195554 14 API calls _memcpy_s 56651->56656 56653 6e1a3944 GetLastError 56653->56650 56654->56646 56655->56644 56656->56653 56658 6e1a1621 ___scrt_is_nonwritable_in_current_image 56657->56658 56659 6e1a1628 GetLastError ExitThread 56658->56659 56660 6e1a1635 56658->56660 56673 6e1a36cc GetLastError 56660->56673 56664 6e1a1651 56705 6e17f5f0 56664->56705 56674 6e1a36e9 56673->56674 56675 6e1a36e3 56673->56675 56698 6e1a36ef SetLastError 56674->56698 56729 
6e1a4f6f 56674->56729 56728 6e1a4f30 6 API calls _unexpected 56675->56728 56679 6e1a4b9a _unexpected 14 API calls 56680 6e1a3717 56679->56680 56682 6e1a371f 56680->56682 56683 6e1a3736 56680->56683 56686 6e1a4f6f _unexpected 6 API calls 56682->56686 56688 6e1a4f6f _unexpected 6 API calls 56683->56688 56684 6e1a163a 56700 6e1a80a7 56684->56700 56685 6e1a3783 56735 6e19f550 92 API calls __InternalCxxFrameHandler 56685->56735 56689 6e1a372d 56686->56689 56691 6e1a3742 56688->56691 56694 6e1a391e _free 14 API calls 56689->56694 56692 6e1a3746 56691->56692 56693 6e1a3757 56691->56693 56695 6e1a4f6f _unexpected 6 API calls 56692->56695 56734 6e1a34ce 14 API calls _unexpected 56693->56734 56694->56698 56695->56689 56697 6e1a3762 56699 6e1a391e _free 14 API calls 56697->56699 56698->56684 56698->56685 56699->56698 56701 6e1a80b9 GetPEB 56700->56701 56702 6e1a1645 56700->56702 56701->56702 56703 6e1a80cc 56701->56703 56702->56664 56727 6e1a50c9 5 API calls _unexpected 56702->56727 56744 6e1a4df6 5 API calls _unexpected 56703->56744 56745 6e153330 56705->56745 56708 6e17f689 CoCreateInstance 56710 6e17f6ab 56708->56710 56721 6e17f6dc ISource 56708->56721 56709 6e17f649 56812 6e157ea0 65 API calls 2 library calls 56709->56812 56814 6e157ea0 65 API calls 2 library calls 56710->56814 56714 6e17f656 Concurrency::details::ContextBase::GetWorkQueueIdentity 56813 6e17e700 66 API calls 2 library calls 56714->56813 56715 6e17f6b8 Concurrency::details::ContextBase::GetWorkQueueIdentity 56815 6e17e700 66 API calls 2 library calls 56715->56815 56719 6e159330 _DebugHeapAllocator 27 API calls 56722 6e17f7b1 56719->56722 56720 6e17f67a ISource 56720->56708 56754 6e153410 56721->56754 56816 6e161530 47 API calls 2 library calls 56722->56816 56724 6e17f7b6 56817 6e17f7f0 67 API calls 2 library calls 56724->56817 56726 6e17f7be ExitThread 56727->56664 56728->56674 56736 6e1a4d33 56729->56736 56732 6e1a4fa9 TlsSetValue 56733 6e1a3707 56733->56679 56733->56698 56734->56697 56737 6e1a4d61 
56736->56737 56741 6e1a4d5d 56736->56741 56737->56741 56743 6e1a4c6c LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary 56737->56743 56739 6e1a4d75 56740 6e1a4d7b GetProcAddress 56739->56740 56739->56741 56740->56741 56742 6e1a4d8b _unexpected 56740->56742 56741->56732 56741->56733 56742->56741 56743->56739 56744->56702 56746 6e158680 _Error_objects 16 API calls 56745->56746 56747 6e153361 56746->56747 56748 6e158680 _Error_objects 16 API calls 56747->56748 56749 6e153373 56748->56749 56750 6e158680 _Error_objects 16 API calls 56749->56750 56751 6e153382 56750->56751 56818 6e17add0 56751->56818 56755 6e153457 56754->56755 56756 6e153466 56754->56756 56757 6e17f3a0 98 API calls 56755->56757 56758 6e17f3a0 98 API calls 56756->56758 56759 6e153461 task 56757->56759 56758->56759 56862 6e153bd0 56759->56862 56761 6e153482 Concurrency::details::ContextBase::GetWorkQueueIdentity 56895 6e159420 56761->56895 56763 6e153499 Concurrency::details::ContextBase::GetWorkQueueIdentity 56906 6e15a240 56763->56906 56765 6e1534ba 56766 6e1534e0 ISource std::ios_base::good 56765->56766 56767 6e159330 _DebugHeapAllocator 27 API calls 56765->56767 56770 6e158ff0 _Error_objects 63 API calls 56766->56770 56789 6e153573 56766->56789 56768 6e1534d7 56767->56768 56972 6e151390 56768->56972 56771 6e153546 56770->56771 56989 6e154110 83 API calls 2 library calls 56771->56989 56773 6e1535a4 task 56775 6e153737 56773->56775 56776 6e15371e 56773->56776 56774 6e15354e 56777 6e153557 56774->56777 56774->56789 56781 6e153740 56775->56781 56782 6e15374f 56775->56782 56779 6e17f3a0 98 API calls 56776->56779 56780 6e17f3a0 98 API calls 56777->56780 56778 6e156db0 KiUserExceptionDispatcher 56778->56789 56784 6e15356b 56779->56784 56780->56784 56785 6e17f3a0 98 API calls 56781->56785 56993 6e1555a0 148 API calls 4 library calls 56782->56993 56784->56719 56785->56784 56786 6e153757 56787 6e17f3a0 98 API calls 56786->56787 56788 6e153761 56787->56788 56788->56784 56789->56773 56789->56778 56790 
6e1535f0 56789->56790 56791 6e17f3a0 98 API calls 56790->56791 56792 6e153601 56791->56792 56793 6e1585a0 _Error_objects 92 API calls 56792->56793 56794 6e15361f 56793->56794 56924 6e15c1f0 56794->56924 56796 6e1536e7 56928 6e153780 56796->56928 56798 6e153693 Concurrency::details::ContextBase::GetWorkQueueIdentity ISource 56802 6e19144c GetFileAttributesW 56798->56802 56800 6e153630 Concurrency::details::ContextBase::GetWorkQueueIdentity 56800->56796 56800->56798 56803 6e191373 5 API calls 56800->56803 56804 6e1536b8 Concurrency::details::ContextBase::GetWorkQueueIdentity 56802->56804 56805 6e153659 56803->56805 56806 6e1536d2 Concurrency::details::ContextBase::GetWorkQueueIdentity 56804->56806 56808 6e1536c7 SetCurrentDirectoryW 56804->56808 56805->56798 56990 6e157ea0 65 API calls 2 library calls 56805->56990 56992 6e17e700 66 API calls 2 library calls 56806->56992 56808->56796 56808->56806 56809 6e15366f Concurrency::details::ContextBase::GetWorkQueueIdentity 56991 6e17e700 66 API calls 2 library calls 56809->56991 56812->56714 56813->56720 56814->56715 56815->56721 56816->56724 56817->56726 56821 6e17ae70 GetModuleHandleW 56818->56821 56820 6e1533a0 CoInitializeEx 56820->56708 56820->56709 56822 6e17aeb3 GetLastError 56821->56822 56823 6e17aeff GetProcAddress GetProcAddress GetProcAddress 56821->56823 56852 6e157ea0 65 API calls 2 library calls 56822->56852 56825 6e17af59 56823->56825 56827 6e17af5d GetLastError 56825->56827 56828 6e17afa9 VirtualAlloc 56825->56828 56826 6e17aec9 Concurrency::details::ContextBase::GetWorkQueueIdentity 56853 6e17e700 66 API calls 2 library calls 56826->56853 56854 6e157ea0 65 API calls 2 library calls 56827->56854 56830 6e17afce GetLastError 56828->56830 56831 6e17b01a VirtualAlloc 56828->56831 56856 6e157ea0 65 API calls 2 library calls 56830->56856 56833 6e17b03d GetLastError 56831->56833 56834 6e17b089 VirtualAlloc 56831->56834 56832 6e17af73 Concurrency::details::ContextBase::GetWorkQueueIdentity 56855 6e17e700 66 API calls 
2 library calls 56832->56855 56858 6e157ea0 65 API calls 2 library calls 56833->56858 56838 6e17b0ac GetLastError 56834->56838 56839 6e17b0e6 ISource 56834->56839 56860 6e157ea0 65 API calls 2 library calls 56838->56860 56839->56820 56840 6e17aeed ISource 56840->56823 56841 6e17afe4 Concurrency::details::ContextBase::GetWorkQueueIdentity 56857 6e17e700 66 API calls 2 library calls 56841->56857 56842 6e17b053 Concurrency::details::ContextBase::GetWorkQueueIdentity 56859 6e17e700 66 API calls 2 library calls 56842->56859 56845 6e17b0c2 Concurrency::details::ContextBase::GetWorkQueueIdentity 56861 6e17e700 66 API calls 2 library calls 56845->56861 56846 6e17af97 ISource 56846->56828 56849 6e17b008 ISource 56849->56831 56850 6e17b077 ISource 56850->56834 56852->56826 56853->56840 56854->56832 56855->56846 56856->56841 56857->56849 56858->56842 56859->56850 56860->56845 56861->56839 56863 6e158680 _Error_objects 16 API calls 56862->56863 56864 6e153c21 56863->56864 56865 6e153c4d GetModuleFileNameW 56864->56865 56869 6e153c36 ISource 56864->56869 56866 6e1811a3 16 API calls 56865->56866 56867 6e153c6c 56866->56867 56868 6e1817d7 39 API calls 56867->56868 56870 6e153c86 56868->56870 56871 6e18f224 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 56869->56871 56994 6e157cf0 56870->56994 56873 6e153fdb 56871->56873 56873->56761 56874 6e153f9a 56875 6e1814e1 65 API calls 56874->56875 56877 6e153fa5 56875->56877 56878 6e181233 65 API calls 56877->56878 56878->56869 56879 6e159330 _DebugHeapAllocator 27 API calls 56889 6e153c91 Concurrency::details::ExternalContextBase::~ExternalContextBase Concurrency::details::ContextBase::GetWorkQueueIdentity ISource 56879->56889 56881 6e191373 CreateDirectoryW GetLastError CreateDirectoryW GetLastError GetFileAttributesW 56881->56889 56883 6e1585a0 _Error_objects 92 API calls 56883->56889 56886 6e181a19 66 API calls 56886->56889 56889->56874 56889->56879 56889->56881 56889->56883 56889->56886 56890 6e153f15 SetFileTime 56889->56890 
56997 6e157d10 56889->56997 57001 6e161050 56889->57001 57050 6e181161 56889->57050 57056 6e17b110 56889->57056 57065 6e17b200 56889->57065 57072 6e157ea0 65 API calls 2 library calls 56889->57072 57073 6e17e700 66 API calls 2 library calls 56889->57073 56891 6e1814e1 65 API calls 56890->56891 56892 6e153f5b Concurrency::details::ContextBase::GetWorkQueueIdentity 56891->56892 56893 6e153f70 SetFileAttributesW 56892->56893 56894 6e181233 65 API calls 56893->56894 56894->56889 56896 6e158fd0 _DebugHeapAllocator 27 API calls 56895->56896 56897 6e159436 56896->56897 56898 6e15943e 56897->56898 56899 6e159448 56897->56899 57173 6e159700 76 API calls 2 library calls 56898->57173 57129 6e1594c0 LoadLibraryW 56899->57129 56902 6e159446 56903 6e159450 56902->56903 57155 6e159940 56903->57155 56905 6e159458 56905->56763 57188 6e159b60 SysAllocString 56906->57188 56908 6e15a298 SafeArrayCreateVector SysAllocString SafeArrayPutElement 56909 6e15a2ea SysAllocString SafeArrayPutElement 56908->56909 56923 6e15a2e5 ISource 56908->56923 56911 6e15a32d SafeArrayPutElement 56909->56911 56909->56923 56910 6e15a414 VariantClear SafeArrayDestroy 56912 6e15a462 ISource 56910->56912 56913 6e15a42e 56910->56913 56914 6e15a36c VariantInit 56911->56914 56911->56923 56912->56765 57214 6e157ea0 65 API calls 2 library calls 56913->57214 56917 6e15a3ab 56914->56917 56916 6e15a43b Concurrency::details::ContextBase::GetWorkQueueIdentity 57215 6e17e700 66 API calls 2 library calls 56916->57215 56918 6e15a3b4 VariantClear SafeArrayDestroy 56917->56918 56917->56923 57212 6e157ea0 65 API calls 2 library calls 56918->57212 56920 6e15a3d5 Concurrency::details::ContextBase::GetWorkQueueIdentity 57213 6e17e700 66 API calls 2 library calls 56920->57213 56923->56910 56925 6e15c204 Concurrency::details::ExternalContextBase::~ExternalContextBase 56924->56925 56926 6e157d10 Concurrency::details::ExternalContextBase::~ExternalContextBase KiUserExceptionDispatcher 56925->56926 56927 6e15c22c 56925->56927 
56926->56925 56927->56800 56929 6e158a50 _DebugHeapAllocator 16 API calls 56928->56929 56930 6e1537bd 56929->56930 56931 6e158a50 _DebugHeapAllocator 16 API calls 56930->56931 56932 6e1537c8 56931->56932 56933 6e158680 _Error_objects 16 API calls 56932->56933 56934 6e1537d0 56933->56934 56935 6e1537e6 56934->56935 56936 6e1537fb 56934->56936 56937 6e1537ec 56935->56937 56938 6e15383e 56935->56938 57222 6e153ff0 56936->57222 56941 6e1537f6 56937->56941 56946 6e153bd0 126 API calls 56937->56946 56940 6e153ff0 118 API calls 56938->56940 56943 6e15384e 56940->56943 56949 6e1585a0 _Error_objects 92 API calls 56941->56949 56947 6e153864 56943->56947 56948 6e153852 56943->56948 56952 6e15388a 56946->56952 56954 6e153bd0 126 API calls 56947->56954 56953 6e158fd0 _DebugHeapAllocator 27 API calls 56948->56953 56962 6e1538c3 Concurrency::details::ContextBase::GetWorkQueueIdentity 56949->56962 57360 6e154360 112 API calls 3 library calls 56952->57360 56953->56941 56959 6e15389a 56959->56941 57361 6e159fa0 88 API calls 2 library calls 56962->57361 56973 6e159330 _DebugHeapAllocator 27 API calls 56972->56973 56974 6e1513d0 56973->56974 56975 6e158680 _Error_objects 16 API calls 56974->56975 56987 6e1513dc ISource std::ios_base::good _Error_objects 56975->56987 56976 6e151568 56977 6e155f80 27 API calls 56976->56977 56978 6e151575 56977->56978 56980 6e159330 _DebugHeapAllocator 27 API calls 56978->56980 56979 6e155b50 27 API calls 56979->56987 56983 6e15157e ISource 56980->56983 56983->56766 56984 6e155c30 27 API calls _Error_objects 56984->56987 56985 6e155de0 27 API calls 56985->56987 56986 6e155fe0 28 API calls Concurrency::details::ContextBase::GetWorkQueueIdentity 56986->56987 56987->56976 56987->56979 56987->56984 56987->56985 56987->56986 56988 6e158660 27 API calls _DebugHeapAllocator 56987->56988 57862 6e1559f0 27 API calls 5 library calls 56987->57862 57863 6e1562d0 27 API calls _DebugHeapAllocator 56987->57863 56988->56987 56989->56774 56990->56809 56991->56798 
56992->56796 56993->56786 56996 6e181a19 66 API calls 56994->56996 56995 6e157d0a 56995->56889 56996->56995 56998 6e157d27 56997->56998 56999 6e157d2c 56997->56999 57074 6e1809ff KiUserExceptionDispatcher CallUnexpected 56998->57074 56999->56889 57002 6e158680 _Error_objects 16 API calls 57001->57002 57003 6e16108d 57002->57003 57004 6e158680 _Error_objects 16 API calls 57003->57004 57005 6e16109c 57004->57005 57006 6e158680 _Error_objects 16 API calls 57005->57006 57007 6e1610af 57006->57007 57008 6e158680 _Error_objects 16 API calls 57007->57008 57009 6e1610bb 57008->57009 57010 6e159330 _DebugHeapAllocator 27 API calls 57009->57010 57011 6e1610cb 57010->57011 57012 6e155fe0 Concurrency::details::ContextBase::GetWorkQueueIdentity 28 API calls 57011->57012 57014 6e1610d7 std::ios_base::good 57012->57014 57013 6e1610e6 ISource 57023 6e18f224 __ehhandler$??2@YAPAXIABUnothrow_t@std@@@Z 5 API calls 57013->57023 57014->57013 57015 6e155fe0 Concurrency::details::ContextBase::GetWorkQueueIdentity 28 API calls 57014->57015 57016 6e161141 57015->57016 57075 6e155f80 57016->57075 57019 6e158660 _DebugHeapAllocator 27 API calls 57020 6e161151 57019->57020 57080 6e1562b0 27 API calls _DebugHeapAllocator 57020->57080 57022 6e16115e Concurrency::details::ExternalContextBase::~ExternalContextBase Concurrency::details::ContextBase::GetWorkQueueIdentity 57022->57013 57025 6e161194 57022->57025 57024 6e161369 57023->57024 57024->56889 57081 6e161370 27 API calls 57025->57081 57027 6e1611a0 57028 6e158fd0 _DebugHeapAllocator 27 API calls 57027->57028 57029 6e1611b5 57028->57029 57030 6e158fd0 _DebugHeapAllocator 27 API calls 57029->57030 57031 6e1611c6 57030->57031 57032 6e159330 _DebugHeapAllocator 27 API calls 57031->57032 57033 6e1611d8 57032->57033 57082 6e155940 27 API calls 5 library calls 57033->57082 57035 6e1611f7 57083 6e1559f0 27 API calls 5 library calls 57035->57083 57037 6e161228 57084 6e160860 92 API calls 5 library calls 57037->57084 57039 6e16123b 57040 6e159330 

Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1547D0: _DebugHeapAllocator.LIBCPMTD ref: 6E15482D
                                                                                                                                                                                                                                            • Part of subcall function 6E1547D0: PathFileExistsW.KERNELBASE(00000000,?,?,?,A4C33E3A), ref: 6E154BB9
                                                                                                                                                                                                                                            • Part of subcall function 6E1547D0: _DebugHeapAllocator.LIBCPMTD ref: 6E154BDF
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154CFD
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154D4B
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E154D56
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E154D5D
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?), ref: 6E154D8C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154DA3
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E154DB7
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E154DD9
                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 6E154E8F
                                                                                                                                                                                                                                          • GetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E154E96
                                                                                                                                                                                                                                          • CreateDesktopW.USER32(6E1BE3F8,00000000,00000000,00000000,02000000,00000000), ref: 6E154EB1
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: _DebugHeapAllocator.LIBCPMTD ref: 6E1610C6
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1610D2
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: std::ios_base::good.LIBCPMTD ref: 6E1610DA
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E154F13
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E154F1D
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E154F2A
                                                                                                                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,01000000,00000000,00000000,00000044,?,uiScriptTest,?,00000000,?,?), ref: 6E154F9F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E154FA9
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E154FBE
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(000004A8,?,00000000,?,?), ref: 6E15501D
                                                                                                                                                                                                                                          • CreateJobObjectW.KERNEL32(00000000,sib), ref: 6E15502A
                                                                                                                                                                                                                                          • AssignProcessToJobObject.KERNEL32(000004A8,?), ref: 6E155040
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1550C1
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(07A2E8F0,6E1BE520,00000000,00000000,?,?), ref: 6E1550D1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,?), ref: 6E154EC0
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • start : %s, xrefs: 6E154E0B
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • process was completed with exit code: %d, xrefs: 6E1553CF
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E154EC9
                                                                                                                                                                                                                                          • uiScriptTest, xrefs: 6E154E23
                                                                                                                                                                                                                                          • sib, xrefs: 6E155023
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • %s %s, xrefs: 6E154DC3
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • ((e, xrefs: 6E154E2D
                                                                                                                                                                                                                                          • step#%d: %s %s %s, xrefs: 6E1550F9
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E154FC4
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • "%s" %s, xrefs: 6E154DE5
                                                                                                                                                                                                                                          • .msi, xrefs: 6E154CDC
                                                                                                                                                                                                                                          • starting UI Script, xrefs: 6E155060
                                                                                                                                                                                                                                          • D, xrefs: 6E154C97
                                                                                                                                                                                                                                          • [SystemFolder]msiexec.exe /i "%s", xrefs: 6E154D23
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E154F30
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • #17.COMCTL32 ref: 004038CE
                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008001), ref: 004038D9
                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 004038E0
                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                            • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(0040A264,00000000,?,000002B4,00000000), ref: 00403908
                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                          • GetCommandLineW.KERNEL32(00476AA0,NSIS Error), ref: 0040391D
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,004CF0A0,00000000), ref: 00403930
                                                                                                                                                                                                                                          • CharNextW.USER32(00000000,004CF0A0,00000020), ref: 00403957
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00002004,004E30C8,00000000,00000020), ref: 00403A2C
                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(004E30C8,00001FFF), ref: 00403A41
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,\Temp), ref: 00403A4D
                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(004DF0C0), ref: 00403A64
                                                                                                                                                                                                                                          • OleUninitialize.OLE32(?), ref: 00403AFD
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00403B1D
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004E30C8,~nsu.tmp), ref: 00403B29
                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(004E30C8,004DB0B8,004E30C8,~nsu.tmp), ref: 00403B35
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(004E30C8,00000000), ref: 00403B41
                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(004E30C8), ref: 00403B48
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(0043DD40,0043DD40,?,00483008,0040A204,0047F000,?), ref: 00403B99
                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(004EB0D8,0043DD40,00000001), ref: 00403BAD
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,0043DD40,0043DD40,?,0043DD40,00000000), ref: 00403BDA
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C30
                                                                                                                                                                                                                                          • ExitWindowsEx.USER32(00000002,00000000), ref: 00403C6C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                                                                          • String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                                                                          • API String ID: 2435955865-3712954417
                                                                                                                                                                                                                                          • Opcode ID: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                          • Instruction ID: 6e3717b9be2730fff72f59090edb21b77de3e5055cb75e9aafb2752c1f1d7b94
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aec89c4631a4f28101b36bf3f0ee1ca0be396cf3d13a1cbdd2f96bcbf360b5e4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DA1E6715443117AD720BF629C4AE1B7EACAB0470AF10443FF545B62D2D7BD8A448BAE

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,004CF0A0), ref: 00406CE4
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00467470,\*.*,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D35
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,00409838,?,00467470,?,-00000002,004E30C8,?,004CF0A0), ref: 00406D55
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00406D58
                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(00467470,?), ref: 00406D6C
                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(?,00000010,000000F2,?), ref: 00406E4E
                                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00406E5F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Delete: DeleteFile failed("%s"), xrefs: 00406E29
                                                                                                                                                                                                                                          • RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E84
                                                                                                                                                                                                                                          • \*.*, xrefs: 00406D2F
                                                                                                                                                                                                                                          • Delete: DeleteFile("%s"), xrefs: 00406DE8
                                                                                                                                                                                                                                          • ptF, xrefs: 00406D1A
                                                                                                                                                                                                                                          • Delete: DeleteFile on Reboot("%s"), xrefs: 00406E0C
                                                                                                                                                                                                                                          • RMDir: RemoveDirectory("%s"), xrefs: 00406E9B
                                                                                                                                                                                                                                          • RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EBF
                                                                                                                                                                                                                                          • RMDir: RemoveDirectory failed("%s"), xrefs: 00406EDC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                          • String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*$ptF
                                                                                                                                                                                                                                          • API String ID: 2035342205-1650287579
                                                                                                                                                                                                                                          • Opcode ID: f7a733ba7b7dda8f767778852903590a58a16c07b963c85795d8b3373a8eb2b2
                                                                                                                                                                                                                                          • Instruction ID: e61cf0fe73e9c947a39cb72df690d6d83a08ee9d5dae9ef8ba60e8d8024aa79e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7a733ba7b7dda8f767778852903590a58a16c07b963c85795d8b3373a8eb2b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E51D225604305AADB11AB71CC49A7F37B89F41728F22803FF803761D2DB7C49A1D6AE

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryW.KERNELBASE(mscoree.dll,A4C33E3A,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450,00000000,6E1CF8E0), ref: 6E1594F4
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E159695
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000040,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450,00000000), ref: 6E15952B
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E159552
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E159561
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E15956E
                                                                                                                                                                                                                                          • CorBindToRuntimeEx.MSCOREE(v4.0.30319,00000000,00000002,6E1C15F4,6E1C1604,?,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E1595D1
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E159607
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159450), ref: 6E1596E2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15969B
                                                                                                                                                                                                                                          • v4.0.30319, xrefs: 6E1595CC
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15960D
                                                                                                                                                                                                                                          • v2.0.50727, xrefs: 6E1595F2
                                                                                                                                                                                                                                          • CorBindToRuntimeEx, xrefs: 6E159549
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159574
                                                                                                                                                                                                                                          • mscoree.dll, xrefs: 6E1594EF
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159503
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Free$ErrorLast$AddressBase::BindConcurrency::details::ContextIdentityLoadProcQueueRuntimeWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$CorBindToRuntimeEx$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 6E181C2D
                                                                                                                                                                                                                                          • PathIsUNCW.SHLWAPI(?,?,?,00000000), ref: 6E181CE3
                                                                                                                                                                                                                                          • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6E181D07
                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6E181850,?,00000040,?,00000040,00000104,00000000), ref: 6E181C60
                                                                                                                                                                                                                                            • Part of subcall function 6E181BE1: GetLastError.KERNEL32(6E15C43F,?,?,6E181D18,6E15C43F,?), ref: 6E181BED
                                                                                                                                                                                                                                            • Part of subcall function 6E181497: PathStripToRootW.SHLWAPI(00000000,?,6E181CDC,?,?,00000000), ref: 6E1814CB
                                                                                                                                                                                                                                          • CharUpperW.USER32(?), ref: 6E181D35
                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 6E181D4D
                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 6E181D59
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Path$Find$CharCloseErrorFileFirstFullH_prolog3_InformationLastNameRootStripUpperVolume
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,6E1BBAA0), ref: 6E1A7E27
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A7E15
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A7FE1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                          • String ID: jF
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 310444273-0
                                                                                                                                                                                                                                          • Opcode ID: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                          • Instruction ID: 7c6873576e710d3586a353c563cf751ff2fc1cfd2ce2d1275f1b712779c4e249
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fa3fc2bddc204e922c82fa426c5bb1cc5fbaa7aed8e5e7daaeaf6592e3c6ac6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8D01232200111D7C7005FA5AD48A5FB77DAE95A11706843AF902F3171E734D911E6EC

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PostQuitMessage.USER32(00000000), ref: 00401648
                                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 004016B2
                                                                                                                                                                                                                                          • SetForegroundWindow.USER32(?), ref: 004016CB
                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401753
                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00401767
                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000000,?,000000F0), ref: 0040178C
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0,?,000000F0), ref: 004017F4
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 004017FE
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,000000F0,?,000000F0), ref: 0040180B
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,000000F0,?,000000F0), ref: 0040182A
                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?,004D70B0,?,000000E6,004100F0,?,?,?,000000F0,?,000000F0), ref: 00401885
                                                                                                                                                                                                                                          • MoveFileW.KERNEL32(00000000,?), ref: 00401908
                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,004100F0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
                                                                                                                                                                                                                                          • SearchPathW.KERNEL32(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
                                                                                                                                                                                                                                          • CreateDirectory: "%s" (%d), xrefs: 004017BF
                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
                                                                                                                                                                                                                                          • Rename failed: %s, xrefs: 0040194B
                                                                                                                                                                                                                                          • Sleep(%d), xrefs: 0040169D
                                                                                                                                                                                                                                          • CreateDirectory: "%s" created, xrefs: 00401849
                                                                                                                                                                                                                                          • BringToFront, xrefs: 004016BD
                                                                                                                                                                                                                                          • Jump: %d, xrefs: 00401602
                                                                                                                                                                                                                                          • CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
                                                                                                                                                                                                                                          • detailprint: %s, xrefs: 00401679
                                                                                                                                                                                                                                          • SetFileAttributes failed., xrefs: 004017A1
                                                                                                                                                                                                                                          • IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
                                                                                                                                                                                                                                          • Rename on reboot: %s, xrefs: 00401943
                                                                                                                                                                                                                                          • Call: %d, xrefs: 0040165A
                                                                                                                                                                                                                                          • Aborting: "%s", xrefs: 0040161D
                                                                                                                                                                                                                                          • Rename: %s, xrefs: 004018F8
                                                                                                                                                                                                                                          • SetFileAttributes: "%s":%08X, xrefs: 0040177B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
                                                                                                                                                                                                                                          • String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
                                                                                                                                                                                                                                          • API String ID: 2872004960-3619442763
                                                                                                                                                                                                                                          • Opcode ID: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                                                                                                                                          • Instruction ID: d546d874ac51cf0a7c72b7d7aee7a5a926bf82a1b22bfeef9e4f81a1fba4758f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0aacebd35cab78dd9e56fb0c34c611705e18b02e61851c41ce70807ba0770869
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9EB1F435A00214ABDB10BFA1DD55DAE3F69EF44324B21817FF806B61E2DA3D4E40C66D

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15482D
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: _DebugHeapAllocator.LIBCPMTD ref: 6E1610C6
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1610D2
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: std::ios_base::good.LIBCPMTD ref: 6E1610DA
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154852
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154876
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1548B2
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154954
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15499D
                                                                                                                                                                                                                                          • PathFileExistsW.KERNELBASE(00000000,?,?,?,A4C33E3A), ref: 6E154BB9
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154BDF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • downloading %s, xrefs: 6E154939
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E1548E8
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E154B4E
                                                                                                                                                                                                                                          • cf, xrefs: 6E154A15
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E154A2A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$ExistsFilePathstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: cf$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$downloading %s

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetModuleHandleA.KERNEL32(?,?,00000020,004038F2,00000008), ref: 00406336
                                                                                                                                                                                                                                            • Part of subcall function 00406328: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038F2,00000008), ref: 00406341
                                                                                                                                                                                                                                            • Part of subcall function 00406328: GetProcAddress.KERNEL32(00000000), ref: 00406353
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0,-00000002,00000000,004E30C8,00403AED,?), ref: 004059DA
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006,004CF0A0), ref: 00405A5C
                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(0046E218,.exe,0046E220,?,?,?,0046E220,00000000,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000), ref: 00405A6F
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(0046E220), ref: 00405A7A
                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004D30A8), ref: 00405AE3
                                                                                                                                                                                                                                          • RegisterClassW.USER32(00476A40), ref: 00405B36
                                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B4E
                                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B87
                                                                                                                                                                                                                                            • Part of subcall function 00403EC1: SetWindowTextW.USER32(00000000,00476AA0), ref: 00403F5C
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00405BBD
                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(RichEd20), ref: 00405BCE
                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(RichEd32), ref: 00405BD9
                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit20A,00476A40), ref: 00405BE9
                                                                                                                                                                                                                                          • GetClassInfoW.USER32(00000000,RichEdit,00476A40), ref: 00405BF6
                                                                                                                                                                                                                                          • RegisterClassW.USER32(00476A40), ref: 00405BFF
                                                                                                                                                                                                                                          • DialogBoxParamW.USER32(?,00000000,004054A5,00000000), ref: 00405C1E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                          • String ID: F$"F$.DEFAULT\Control Panel\International$.exe$@jG$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,A4C33E3A,00000003,6E1B31AD,000000FF,?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A,A4C33E3A,?,6E1B0F21,000000FF), ref: 6E17AEA4
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,06000000,00003000,00000004,?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17B097
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17B0AC
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A,A4C33E3A,?,6E1B0F21,000000FF), ref: 6E17AEB3
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlCompressBuffer), ref: 6E17AF08
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlGetCompressionWorkSpaceSize), ref: 6E17AF1C
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RtlDecompressBuffer), ref: 6E17AF31
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17AF5D
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17AFB9
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17AFCE
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,05C00000,00003000,00000004,?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17B028
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E17AE07,A4C33E12,?,6E1533A0,A4C33E3A), ref: 6E17B03D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E17AF66
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E17B0B5
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E17AFD7
                                                                                                                                                                                                                                          • RtlCompressBuffer, xrefs: 6E17AEFF
                                                                                                                                                                                                                                          • RtlGetCompressionWorkSpaceSize, xrefs: 6E17AF13
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E17B046
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp, xrefs: 6E17AEBC
                                                                                                                                                                                                                                          • RtlDecompressBuffer, xrefs: 6E17AF28
                                                                                                                                                                                                                                          • ntdll.dll, xrefs: 6E17AE9F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$AddressAllocProcVirtual$Base::Concurrency::details::ContextHandleIdentityModuleQueueWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\Lznt.cpp$RtlCompressBuffer$RtlDecompressBuffer$RtlGetCompressionWorkSpaceSize$ntdll.dll

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1550C1
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(07A2E8F0,6E1BE520,00000000,00000000,?,?), ref: 6E1550D1
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(000003E8,?,?,?,?,?,?,?,?,?), ref: 6E15519C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1551C2
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552AE
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552B8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000000,keepProcessAlive,00000000,00000000,?,00000000,?,?), ref: 6E1552F8
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E155389
                                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 6E1553B9
                                                                                                                                                                                                                                            • Part of subcall function 6E17C9D0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E17CA16
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553E7
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553F1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • step#%d: %s %s %s, xrefs: 6E1550F9
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorCloseDebugHeap$DesktopHandleProcessSleep$Affinity::operator!=CodeConcurrency::details::ExitHardwareObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                          • String ID: failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$step#%d: %s %s %s$timeout %d min. was reached but the process still active.$waitTimeout
                                                                                                                                                                                                                                          • API String ID: 3448774765-2387425255

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E5CE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E5E0
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E5F2
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E604
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E616
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E640
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E652
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E664
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E676
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E688
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E69A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E6AC
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E6BE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E6D0
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E6E2
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E718
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E72A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E73C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15E753
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 571936431-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000200,00000000,00000000), ref: 6E17C0FB
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000200,00000000,00000000), ref: 6E17C12A
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000002A1,00000000), ref: 6E17C158
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000002A1,00000000), ref: 6E17C186
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000201,00000001), ref: 6E17C1C0
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000201,00000001,00000000), ref: 6E17C1EF
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(0000000A,?,?,?,?,6E17C099,00000000,?,?,00000001,00000000), ref: 6E17C1F7
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000202,00000001), ref: 6E17C225
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000202,00000001), ref: 6E17C253
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000100,00000020,00000000), ref: 6E17C266
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000101,00000020,00000000), ref: 6E17C279
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000204,00000002,?), ref: 6E17C2AC
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000204,00000002), ref: 6E17C2DA
                                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A,?,?,?,?,6E17C099,00000000,?,?,00000001,00000000), ref: 6E17C2E2
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000205,00000002,00000000), ref: 6E17C311
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000205,00000002), ref: 6E17C33F
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000002A3,00000000,00000000), ref: 6E17C352
                                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,000002A3,00000000,00000000), ref: 6E17C365
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessagePost$Sleep
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2128022084-0
                                                                                                                                                                                                                                          • Opcode ID: 6100362cc611c63cc14002feeffed372988cb0ea5d3e613e0788e2b822e79553
                                                                                                                                                                                                                                          • Instruction ID: 8a23f390251a3fc4a6f3a2f0daeec53d9849f11953d288dc8b125dbf034192ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6100362cc611c63cc14002feeffed372988cb0ea5d3e613e0788e2b822e79553
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC619F712107A66BFB259F54CC8AF793762EF85702F50C138BA96CF5C0C6B8E800A764

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1534D2
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E1534F8
                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,00000000,000000FF,A4C33E3A), ref: 6E1536C8
                                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(00000000,6E1B0F4D,00000000,00000000,?,?,?,?,00000000,000000FF,A4C33E3A), ref: 6E153705
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentDirectory$AllocatorDebugHeapstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: %s\%d$Action: %s...$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$InitSession$Installation aborted$Installation canceled.$Installation complete.$Starting Installation.$Starting Uninstallation.$Uninstallation complete.$cond_pkg
                                                                                                                                                                                                                                          • API String ID: 2253133653-213843563
                                                                                                                                                                                                                                          • Opcode ID: 9e17b3b20f20462b24d12628c1bb5176016bbae89ef8ebc6752d19f83bc47bf8
                                                                                                                                                                                                                                          • Instruction ID: 4150fd91f6335597693a828f866e9f8ca1349a747dd22cb5464c0520faef7e25
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e17b3b20f20462b24d12628c1bb5176016bbae89ef8ebc6752d19f83bc47bf8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92A17EF0D102059BDB08CFE5C859BEEB7B5AF09308F604519E431AB384DB34A9D1EB62

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(000003E8,?,?,?,?,?,?,?,?,?), ref: 6E15519C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1551C2
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552AE
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552B8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000000,keepProcessAlive,00000000,00000000,?,00000000,?,?), ref: 6E1552F8
                                                                                                                                                                                                                                            • Part of subcall function 6E17C9D0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E17CA16
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Desktop$Affinity::operator!=AllocatorCloseConcurrency::details::DebugHardwareHeapProcessSleepTerminateThread
                                                                                                                                                                                                                                          • String ID: failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$timeout %d min. was reached but the process still active.$waitTimeout
                                                                                                                                                                                                                                          • API String ID: 301979607-3520988733
                                                                                                                                                                                                                                          • Opcode ID: b35cec0dec3e8b34facdff1bd3e6e8115f904bb3bbc8dd1565ea0c7e95608675
                                                                                                                                                                                                                                          • Instruction ID: f53aace6e6a30816d5cfec6ec0c1a51b681dbd891ed8ae70099c8611e17acb62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b35cec0dec3e8b34facdff1bd3e6e8115f904bb3bbc8dd1565ea0c7e95608675
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5151A9B4E04208DFDB04CBE5D854BEEBB75AF55308F108499E4266B381DB306AD4EBA1

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(000003E8,?,?,?,?,?,?,?,?,?), ref: 6E15519C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1551C2
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552AE
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552B8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000000,keepProcessAlive,00000000,00000000,?,00000000,?,?), ref: 6E1552F8
                                                                                                                                                                                                                                            • Part of subcall function 6E17C9D0: Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E17CA16
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Desktop$Affinity::operator!=AllocatorCloseConcurrency::details::DebugHardwareHeapProcessSleepTerminateThread
                                                                                                                                                                                                                                          • String ID: failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$timeout %d min. was reached but the process still active.$waitTimeout
                                                                                                                                                                                                                                          • API String ID: 301979607-3520988733

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E17CA50: Sleep.KERNEL32(000000AA,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6E1B341D,000000FF), ref: 6E17CB69
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1551C2
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552AE
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552B8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000000,keepProcessAlive,00000000,00000000,?,00000000,?,?), ref: 6E1552F8
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E155389
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553E7
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553F1
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$AllocatorDebugDesktopHandleHeap$Base::Concurrency::details::ContextIdentityObjectProcessQueueSingleSleepTerminateThreadWaitWork
                                                                                                                                                                                                                                          • String ID: failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$timeout %d min. was reached but the process still active.$waitTimeout
                                                                                                                                                                                                                                          • API String ID: 1742604607-3520988733
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,install,004D70B0,00000000,00000000), ref: 00401A76
                                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,install,install,00000000,00000000,install,004D70B0,00000000,00000000), ref: 00401AA0
                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$lstrcat$CompareFileTextTimeWindowlstrcpynwvsprintf
                                                                                                                                                                                                                                          • String ID: File: error creating "%s"$File: error, user abort$File: error, user cancel$File: error, user retry$File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"$File: skipped: "%s" (overwriteflag=%d)$File: wrote %d to "%s"$install
                                                                                                                                                                                                                                          • API String ID: 4286501637-2455569613
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(?), ref: 6E159B9A
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159C35
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159CD4
                                                                                                                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6E15A2A4
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E15A2BA
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E15A2D6
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E15A2FA
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E15A319
                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6E15A418
                                                                                                                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E15A422
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15A42E
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15A3C8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocString$ArraySafe$Element$ClearCreateDestroyVariantVector
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                                                                                                          • API String ID: 1364862699-1439456480
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetThreadDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552AE
                                                                                                                                                                                                                                          • CloseDesktop.USER32(00000000,?,00000000,?,?), ref: 6E1552B8
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(?,00000000,keepProcessAlive,00000000,00000000,?,00000000,?,?), ref: 6E1552F8
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E155389
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553E7
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,waitTimeout,00000000,00000078,00000000,?,00000000,?,?), ref: 6E1553F1
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • failed: %s, xrefs: 6E155268
                                                                                                                                                                                                                                          • ignoreFailure, xrefs: 6E155316
                                                                                                                                                                                                                                          • waitTimeout, xrefs: 6E155359
                                                                                                                                                                                                                                          • process terminated, xrefs: 6E1552FE
                                                                                                                                                                                                                                          • timeout %d min. was reached but the process still active., xrefs: 6E15539F
                                                                                                                                                                                                                                          • ignore action failure and continue installation, xrefs: 6E155333
                                                                                                                                                                                                                                          • keepProcessAlive, xrefs: 6E1552D5
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$DesktopHandle$Base::Concurrency::details::ContextIdentityObjectProcessQueueSingleTerminateThreadWaitWork
                                                                                                                                                                                                                                          • String ID: failed: %s$ignore action failure and continue installation$ignoreFailure$keepProcessAlive$process terminated$timeout %d min. was reached but the process still active.$waitTimeout
                                                                                                                                                                                                                                          • API String ID: 544187064-3520988733
                                                                                                                                                                                                                                          • Opcode ID: 6b8b5207b63075c38afe1d134225024c887c54c06c7e6ecdbc8c70d33f805d4a
                                                                                                                                                                                                                                          • Instruction ID: 62b69aabba6e628601e0de3666dcf8e6e72e6ff089f40354d0fa880d08791bf1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b8b5207b63075c38afe1d134225024c887c54c06c7e6ecdbc8c70d33f805d4a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9441B0F4E04208DBDB04CBE5D854BEFBB79AF55305F108499E4296B380DB346AD4EBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160C3C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160C8C
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000104,00000104,A4C33E3A), ref: 6E160CCA
                                                                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000104,A4C33E3A), ref: 6E160CF7
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E160D17
                                                                                                                                                                                                                                          • ~.LIBCPMTD ref: 6E160DC8
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E160DD4
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E160E0A
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorktask$EnvironmentExpandFolderPathStrings
                                                                                                                                                                                                                                          • String ID: cf$"$PkgDir$Temp
                                                                                                                                                                                                                                          • API String ID: 4116297666-2836421072
                                                                                                                                                                                                                                          • Opcode ID: 88ae0d616d16e35b16cdc4c97ad0862c5b4aa5e07d5860528cff7e40693a158f
                                                                                                                                                                                                                                          • Instruction ID: 6ade14690b10b3777f1cd50e80520a0c761a9df7f96bc6dc66973cda824b86fc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88ae0d616d16e35b16cdc4c97ad0862c5b4aa5e07d5860528cff7e40693a158f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACB14CB1D00118DFDB24CBE4CC90BDEB779AF54308F60869DD16AA7292EB306A94DF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6E1CE860), ref: 6E18A6E8
                                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000), ref: 6E18A747
                                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(6E1CE854), ref: 6E18A750
                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 6E18A759
                                                                                                                                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 6E18A772
                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 6E18A780
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6E1CE860), ref: 6E18A7C5
                                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(00000000), ref: 6E18A7D9
                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 6E18A7E0
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6E18A7E9
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000001,00000000), ref: 6E18A800
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6E18A82C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Global$CriticalSection$Leave$AllocEnterHandleLock$Unlock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2233717024-0
                                                                                                                                                                                                                                          • Opcode ID: cc1b24ee07fa76e8bb5defe1e110607d021b78520f28b4112ba3da681fcd52b0
                                                                                                                                                                                                                                          • Instruction ID: 59184269bf2fa2855d2c6a1ebe53f2e0295cf0e520f08006220160eb95364e34
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc1b24ee07fa76e8bb5defe1e110607d021b78520f28b4112ba3da681fcd52b0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19411A71500605EFDB44DFA4C888A9A77BAFF85305F10C458E951EB285D775E882EF60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004035C4
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,004EB0D8,00002004,?,?,?,00000000,00403A73,?), ref: 004035E0
                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,004EF0E0,00000000,004DB0B8,004DB0B8,004EB0D8,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 0040362C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • soft, xrefs: 004036A1
                                                                                                                                                                                                                                          • Inst, xrefs: 00403698
                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00403603
                                                                                                                                                                                                                                          • Null, xrefs: 004036AA
                                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037F1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                          • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                          • Opcode ID: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                          • Instruction ID: dd9ffda97dac1e18d9081c595fe0b3a994810ea71df15e1d022794f6b5594c79
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60015d4ad0f4b5f5eae55729fc88f45e330dc420916319a7d833a41d7a943f83
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8551B8B1900214AFDB20DFA5DC85B9E7EACAB1435AF60857BF905B72D1C7389E408B5C
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004033F1
                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00403492
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004034BB
                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004034CE
                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00425AD2,00403792,00000000), ref: 004034FF
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,00420170,?,00000000,00000000,00420170,?,000000FF,00000004,00000000,00000000,00000000), ref: 00403597
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CountFileTickWrite$wsprintf
                                                                                                                                                                                                                                          • String ID: (]C$... %d%%$pAB
                                                                                                                                                                                                                                          • API String ID: 651206458-3635341587
                                                                                                                                                                                                                                          • Opcode ID: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                                                                                                                                          • Instruction ID: 38da17626370685da8d32df628044978fcb9abff53cdf920ebdff1c577d6aec0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb4c91118d633cdc657fe6c8c56820a3b26f1ee58aa4180b17ceb2c9431ae53d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE615D71900219EBCF10DF69ED8469E7FBCAB54356F10413BE810B72A0D7789E90CBA9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 6E159B9A
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6E159BD8
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E159C35
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6E159C6A
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E159CD4
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 6E159D0E
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159BE4
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159C8A
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159D30
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$AllocFree$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                                                                                                          • API String ID: 3803223067-4145850606
                                                                                                                                                                                                                                          • Opcode ID: 7767edfb8846bcd0be62e956a5c64968e5ce415ffaf01b13e01fa3527771c32f
                                                                                                                                                                                                                                          • Instruction ID: 6cada9b3fcc9e012b6183997f15fc86006145bc01f33fd0967b7773c7aa97c99
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7767edfb8846bcd0be62e956a5c64968e5ce415ffaf01b13e01fa3527771c32f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C771E1B1900209DFCB04DFE4C994BEEBBB5FF48314F608619E525A7390D775AA81DBA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15381A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15385D
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1538A9
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E153937
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000,00000000,00000000,AddActionResult,00000000,00000000,00000000,00000000,00000000,6E1B0F4D), ref: 6E153945
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$DeleteFile
                                                                                                                                                                                                                                          • String ID: Action failed$AddActionResult$Condition failed$Condition failed
                                                                                                                                                                                                                                          • API String ID: 1100692808-2694484580
                                                                                                                                                                                                                                          • Opcode ID: 9894ac2a4e5e41a2fcd5ffe67433230d98a09a71c7ff6566fc329f5a62051e62
                                                                                                                                                                                                                                          • Instruction ID: 1e7242c88abbb9331aafd46854ee553420c4355fedf7ef27978eb7fe6c34e978
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9894ac2a4e5e41a2fcd5ffe67433230d98a09a71c7ff6566fc329f5a62051e62
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75510DF191010A9BCB08DFD9CC64AFFB779BF44218F104919E536AB394DB30A9A1DB61
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$InformationTimeZone
                                                                                                                                                                                                                                          • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                          • API String ID: 597776487-239921721
                                                                                                                                                                                                                                          • Opcode ID: 151bed1ae128b5fbf51f8aed37bfd0b708e6836f9a619abe1aa0490b498bcbb6
                                                                                                                                                                                                                                          • Instruction ID: 8738093fd557a4d8941c8107d1dbd776c6ac457bb89ca6d498c727267e0e899a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 151bed1ae128b5fbf51f8aed37bfd0b708e6836f9a619abe1aa0490b498bcbb6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3C1E079904205AADB10DFFCC854AFA7BBDAF56314F24485BD6A0D72C9E7308B81E750
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17FA2D
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E155860: _DebugHeapAllocator.LIBCPMTD ref: 6E1558B5
                                                                                                                                                                                                                                            • Part of subcall function 6E17FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E17FFF6
                                                                                                                                                                                                                                            • Part of subcall function 6E17FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E180030
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: cf$->mb!Demo Package is expired$->mb!Silent Install Builder Demo Package.$in_
                                                                                                                                                                                                                                          • API String ID: 1698587239-3859124433
                                                                                                                                                                                                                                          • Opcode ID: 60916d72765279c1b8d52e86467e068298b643474598a55b06d829e3a3a26f60
                                                                                                                                                                                                                                          • Instruction ID: 7061011335115a39bf3565a8201dcc7f4878be29759b584fe630626392824f95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60916d72765279c1b8d52e86467e068298b643474598a55b06d829e3a3a26f60
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 227184B1900109EBDF14DFD4D854BEF7BB9BB59B08F604519E422AB2C0DB346AC4EB52
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E15BFA9
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: UuidCreate.RPCRT4(?), ref: 6E15A6F2
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: UuidToStringW.RPCRT4(?,00000000), ref: 6E15A710
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: RpcStringFreeW.RPCRT4(00000000), ref: 6E15A735
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: _DebugHeapAllocator.LIBCPMTD ref: 6E15A74E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15C00E
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15C048
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15C0AB
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15C0C1
                                                                                                                                                                                                                                            • Part of subcall function 6E15A490: _fwprintf.LIBCONCRTD ref: 6E15A588
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • 1.0.0, xrefs: 6E15C03D
                                                                                                                                                                                                                                          • {"productCode": "%s","upgradeCode": "%s"}, xrefs: 6E15C107
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$ProcessorStringUuidVirtual$Base::Concurrency::Concurrency::details::ContextCreateFreeIdentityQueueRootRoot::Work_fwprintf
                                                                                                                                                                                                                                          • String ID: 1.0.0${"productCode": "%s","upgradeCode": "%s"}
                                                                                                                                                                                                                                          • API String ID: 1708109837-1423552966
                                                                                                                                                                                                                                          • Opcode ID: e30b36f2aad4edc55b176a7f9a0635820c040ff3e5bdee54eb340582e369b812
                                                                                                                                                                                                                                          • Instruction ID: 02f52e8580e45de859eeb9fa9d49619c928d833b4e583cf30c414cd19df410e9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e30b36f2aad4edc55b176a7f9a0635820c040ff3e5bdee54eb340582e369b812
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AA713BB0D05249DFCF04CFE8D954BEEBBB5AF44308F144899D4216B381DB746A54DBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoInitializeEx.OLE32(00000000,00000000,A4C33E3A), ref: 6E17F63A
                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(6E1C2830,00000000,00000001,6E1C2840,6E1CF8D4), ref: 6E17F69C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17F7AC
                                                                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 6E17F7C0
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6E17F649
                                                                                                                                                                                                                                          • ((e, xrefs: 6E17F6EB
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp, xrefs: 6E17F6AB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorBase::Concurrency::details::ContextCreateDebugExitHeapIdentityInitializeInstanceQueueThreadWork
                                                                                                                                                                                                                                          • String ID: ((e$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibuia\Globals.cpp
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040241C
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040242D
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?), ref: 004024C3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Error registering DLL: %s not found in %s, xrefs: 0040249A
                                                                                                                                                                                                                                          • Error registering DLL: Could not initialize OLE, xrefs: 004024F1
                                                                                                                                                                                                                                          • Error registering DLL: Could not load %s, xrefs: 004024DB
                                                                                                                                                                                                                                          • `G, xrefs: 0040246E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$Library$FreeHandleLoadModuleTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                          • String ID: Error registering DLL: %s not found in %s$Error registering DLL: Could not initialize OLE$Error registering DLL: Could not load %s$`G
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __RTC_Initialize.LIBCMT ref: 6E18F7E6
                                                                                                                                                                                                                                          • ___scrt_uninitialize_crt.LIBCMT ref: 6E18F800
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,A4C33E3A), ref: 6E153C5B
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E153CF3
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • %s\%s, xrefs: 6E153DE8
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp, xrefs: 6E153D82
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorBase::Concurrency::details::ContextDebugFileHeapIdentityModuleNameQueueWork
                                                                                                                                                                                                                                          • String ID: %s\%s$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E159A16
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 6E159A38
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E1599C4
                                                                                                                                                                                                                                          • sibjs, xrefs: 6E159AA2
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159B02
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159A52
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: String$AllocBase::Concurrency::details::ContextFreeIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$sibjs
                                                                                                                                                                                                                                          • API String ID: 2894111969-246635303
                                                                                                                                                                                                                                          • Opcode ID: 9c5f2ada546338a350395fe2afff30b3a6c280bab3f30cb8b3b60220dfbb223b
                                                                                                                                                                                                                                          • Instruction ID: 3663072e485b85b4f7423f02c660b44298fc9e396f4e5dd4c186ca2d63080a9c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c5f2ada546338a350395fe2afff30b3a6c280bab3f30cb8b3b60220dfbb223b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1871B5B4A00109DFCB04DFD8D894AEEB7B9FF48314F108659E525A7390DB74AE81DBA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • QueryInformationJobObject.KERNEL32(000004A8,00000003,6E17B978,00000030,00000030), ref: 6E17B5A8
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,A4C33E3A), ref: 6E17B5B2
                                                                                                                                                                                                                                            • Part of subcall function 6E19F4CD: _free.LIBCMT ref: 6E19F4E0
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 6E17B624
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • 0, xrefs: 6E17B562
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\UIATools.cpp, xrefs: 6E17B5C7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Base::Concurrency::details::Concurrency::details::_Condition_variableCondition_variable::_ContextErrorIdentityInformationLastObjectQueryQueueWork_free
                                                                                                                                                                                                                                          • String ID: 0$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\UIATools.cpp
                                                                                                                                                                                                                                          • API String ID: 3571973630-1420485733
                                                                                                                                                                                                                                          • Opcode ID: c514ce887251b96d0c1c9199e7c2b3451815dcc757809abe56394a1b44204ac3
                                                                                                                                                                                                                                          • Instruction ID: 036d9f4549333fece63500f86709fa15f97d2dc08d574a611f85b4e08245e7da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c514ce887251b96d0c1c9199e7c2b3451815dcc757809abe56394a1b44204ac3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED5108B1D10209DFCF14CFD4D890BEEBBB9BF58704F108559E525A7280EB356A84DBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E190E77: GetTempPathW.KERNEL32(00000104,?), ref: 6E190EA0
                                                                                                                                                                                                                                            • Part of subcall function 6E190E77: GetTempFileNameW.KERNELBASE(?,00000104,00000000,?), ref: 6E190EBF
                                                                                                                                                                                                                                            • Part of subcall function 6E190E77: GetLastError.KERNEL32 ref: 6E190EC9
                                                                                                                                                                                                                                          • DeleteFileW.KERNELBASE(00000000,000000FF,sib,00000000,00000104,00000104,A4C33E3A), ref: 6E161494
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1614FA
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6E16144B
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp, xrefs: 6E1614B3
                                                                                                                                                                                                                                          • sib, xrefs: 6E16142E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileTemp$AllocatorBase::Concurrency::details::ContextDebugDeleteErrorHeapIdentityLastNamePathQueueWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\EnvTools.cpp$sib
                                                                                                                                                                                                                                          • API String ID: 3679817218-2030889379
                                                                                                                                                                                                                                          • Opcode ID: 2e678875d9d151c693715468a0bbe74f442d8a233cc1e883b53069c3d79fc1cc
                                                                                                                                                                                                                                          • Instruction ID: 5b93cfc3be9f87fab099bbbb3c6b2ce5ad5d95222ad619614c5512861d85c8be
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e678875d9d151c693715468a0bbe74f442d8a233cc1e883b53069c3d79fc1cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F310BB0D10249DBCB04DBE4C955BEEBBB8AF14318F504929E421B72D0DB742A94DBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(00000000,6E1614AA,?,?,?,6E1614AA,00000000,00000000), ref: 6E191381
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,6E1614AA,00000000,00000000), ref: 6E19138F
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(00000000,6E1614AA,?,?,?,?,6E1614AA,00000000,00000000), ref: 6E1913FF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,6E1614AA,00000000,00000000), ref: 6E191409
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6E191439
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                          • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                                                                                                          • API String ID: 1375471231-2061300336
                                                                                                                                                                                                                                          • Opcode ID: 5d272035f5177d24d42f6b07b695b47eb3550e3a03d2a24645424b91b1df7f63
                                                                                                                                                                                                                                          • Instruction ID: 140e5a2d7ab64c54127bbf063e9b79fe37a3425a0ca6ddb812720b6b3df5938a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5d272035f5177d24d42f6b07b695b47eb3550e3a03d2a24645424b91b1df7f63
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B921F636B842329BDB111BE5884076F76BDEF59F60F238025ED04AB184D7608DC5B6D1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 6E190EA0
                                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,00000104,00000000,?), ref: 6E190EBF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E190EC9
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E190F00
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp, xrefs: 6E190F21
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastTemp$FileNamePath
                                                                                                                                                                                                                                          • String ID: c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                                                                                                          • API String ID: 891594076-2061300336
                                                                                                                                                                                                                                          • Opcode ID: 8202ba66c01ea642d31be40a6e4932bc45b31cf5c8b4d1ba2cec327aa29855b4
                                                                                                                                                                                                                                          • Instruction ID: 391c1ad1b707487f803aa87e06d0d4faa12971945f3b6864508c8aee4147d8b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8202ba66c01ea642d31be40a6e4932bc45b31cf5c8b4d1ba2cec327aa29855b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0611E4B790122EABDB20DAE48C44BDF77ACAF05754F114465AE01EB240E634DE80BAE1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • UuidCreate.RPCRT4(?), ref: 6E15A6F2
                                                                                                                                                                                                                                          • UuidToStringW.RPCRT4(?,00000000), ref: 6E15A710
                                                                                                                                                                                                                                          • RpcStringFreeW.RPCRT4(00000000), ref: 6E15A735
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15A74E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: StringUuid$AllocatorCreateDebugFreeHeap
                                                                                                                                                                                                                                          • String ID: {%s}
                                                                                                                                                                                                                                          • API String ID: 1283604287-2304400190
                                                                                                                                                                                                                                          • Opcode ID: 34ca2ab58f4a8db1456695a3ff54513689ed2c5c621771f1bba055e095aaa242
                                                                                                                                                                                                                                          • Instruction ID: aaa803a2c852d82fe50073f1b41a3b3135fcad0ae6699e111c07aa46e20a3d3c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34ca2ab58f4a8db1456695a3ff54513689ed2c5c621771f1bba055e095aaa242
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E321FAB1910208DFCB04DFE4D944BEEBBB8FB08314F504659E422A7380DB75AA58DBA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17F33E
                                                                                                                                                                                                                                            • Part of subcall function 6E15C3C0: GetModuleFileNameW.KERNEL32(00000000,?,00000104,A4C33E3A), ref: 6E15C409
                                                                                                                                                                                                                                            • Part of subcall function 6E15C3C0: Sleep.KERNELBASE(00000064), ref: 6E15C411
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17F35E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$FileModuleNameSleep
                                                                                                                                                                                                                                          • String ID: cf$((e$\sib.dat
                                                                                                                                                                                                                                          • API String ID: 3729167558-1376987123
                                                                                                                                                                                                                                          • Opcode ID: 0bc6cb10e59bc14a944404c517a6714d954808f7cc5ea8c0c2b50c6919f9f500
                                                                                                                                                                                                                                          • Instruction ID: ab2bb56b39e6b4789aad9e3608cbae134a75ced35429b687750fadd4bc1baa9e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bc6cb10e59bc14a944404c517a6714d954808f7cc5ea8c0c2b50c6919f9f500
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64118EB19042499FCB04CFD9C814BAE77A9EB59B18F204629E432EB380DB3855C4EB53
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3136044242-0
                                                                                                                                                                                                                                          • Opcode ID: e3880e00752c64063e2688bd02cad2f464e103ad77886dbef6cd22c7e407858d
                                                                                                                                                                                                                                          • Instruction ID: ecbbef93509df6a51e3361d4463ff57832c4a5b956344d837936790da7118e95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e3880e00752c64063e2688bd02cad2f464e103ad77886dbef6cd22c7e407858d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F219172D0061EBEDB618ED5C880AAF3A6AEBADBA4B314515F83556210D7308DC1AF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(00000000), ref: 00402387
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeGloballstrcpyn
                                                                                                                                                                                                                                          • String ID: Exch: stack < %d elements$Pop: stack empty$install
                                                                                                                                                                                                                                          • API String ID: 1459762280-2295550231
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(00000000,?,000000EE), ref: 0040230C
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 0040232E
                                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(?,?,?,00000000), ref: 00402347
                                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,00409838,?,?,?,?,?,00000000), ref: 00402360
                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                          • GlobalFree.KERNELBASE(00000000), ref: 00402387
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileGlobalInfoVersion$AllocFreeQuerySizeValuewsprintf
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3376005127-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00402B2B
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B61
                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B6A
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,?,?,00000000,?,?,?,?,004100F0,000000FF,?,00002004,?,?,00000011), ref: 00402B85
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocByteCharFileGlobalMultiWideWritelstrlen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2568930968-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E155AA0: _DebugHeapAllocator.LIBCPMTD ref: 6E155AD8
                                                                                                                                                                                                                                            • Part of subcall function 6E155AA0: _DebugHeapAllocator.LIBCPMTD ref: 6E155B1B
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17BE56
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextDispatcherExceptionIdentityQueueUserWork
                                                                                                                                                                                                                                          • String ID: %s+%d$-%d$get_ControlViewWalker == NULL
                                                                                                                                                                                                                                          • API String ID: 603298931-743771361
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E17B520: QueryInformationJobObject.KERNEL32(000004A8,00000003,6E17B978,00000030,00000030), ref: 6E17B5A8
                                                                                                                                                                                                                                            • Part of subcall function 6E17B520: GetLastError.KERNEL32(?,?,?,A4C33E3A), ref: 6E17B5B2
                                                                                                                                                                                                                                            • Part of subcall function 6E17B520: Concurrency::details::_Condition_variable::_Condition_variable.LIBCMTD ref: 6E17B624
                                                                                                                                                                                                                                          • Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMTD ref: 6E17B9B9
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17BA44
                                                                                                                                                                                                                                          • std::exception::exception.LIBCMTD ref: 6E17BA53
                                                                                                                                                                                                                                          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 6E17BA92
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::details::_CreationTask$AllocatorCallstackCallstack::_Condition_variableCondition_variable::_Container_base12Container_base12::~_DebugErrorHeapInformationLastObjectQuerystd::_std::exception::exception
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1322263148-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000060,00000060), ref: 6E17C021
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000060,00000060), ref: 6E17C037
                                                                                                                                                                                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E17C045
                                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 6E17C080
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Affinity::operator!=ClientConcurrency::details::HardwareScreen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 473536026-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::_TaskCreationCallstack::_TaskCreationCallstack.LIBCPMTD ref: 6E17B9B9
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17BA44
                                                                                                                                                                                                                                          • std::exception::exception.LIBCMTD ref: 6E17BA53
                                                                                                                                                                                                                                          • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 6E17BA92
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreationTask$AllocatorCallstackCallstack::_Concurrency::details::_Container_base12Container_base12::~_DebugHeapstd::_std::exception::exception
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2177862447-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,8007000E,?,6E195559,6E1A399B,?,?,6E180862,8007000E,?,?,?,6E15DCAC,8007000E,?,6E1808EC), ref: 6E1A3828
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A3885
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A38BB
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000008,000000FF,?,8007000E,?,6E195559,6E1A399B,?,?,6E180862,8007000E,?,?,?,6E15DCAC), ref: 6E1A38C6
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2283115069-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,6E17F5F0,6E1A1615,00000000,00000004,00000000), ref: 6E1A17C2
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,6E17FBDD,6E17F5F0), ref: 6E1A17CE
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1A17D5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2744730728-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • type must be number, but is , xrefs: 6E178C97
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task
                                                                                                                                                                                                                                          • String ID: type must be number, but is
                                                                                                                                                                                                                                          • API String ID: 1384045349-1272216085
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16716F
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16717B
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167190
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E1671A8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E178EB8
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E178EC7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • type must be boolean, but is , xrefs: 6E178E70
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID: type must be boolean, but is
                                                                                                                                                                                                                                          • API String ID: 865528258-4184302307
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,00000000), ref: 6E17FBE9
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000), ref: 6E17FBF3
                                                                                                                                                                                                                                            • Part of subcall function 6E155C30: _DebugHeapAllocator.LIBCPMTD ref: 6E155C67
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E15C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E15C8F8
                                                                                                                                                                                                                                            • Part of subcall function 6E15C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E15C93A
                                                                                                                                                                                                                                            • Part of subcall function 6E165A30: _DebugHeapAllocator.LIBCPMTD ref: 6E165AEC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::CloseConcurrency::details::ContextHandleIdentityObjectQueueSingleWaitWork
                                                                                                                                                                                                                                          • String ID: in_
                                                                                                                                                                                                                                          • API String ID: 4013112877-3102548977
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00405EC9
                                                                                                                                                                                                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,0040382A,004DF0C0,004E30C8), ref: 00405EE4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6E18C742
                                                                                                                                                                                                                                          • GetFileSizeEx.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 6E18C757
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$SizeTime
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3321136615-0
                                                                                                                                                                                                                                          • Opcode ID: 9bc0d1e6dc6ea3448e040424f4c07ff35206c00077e941c3569fd36d8bdfe042
                                                                                                                                                                                                                                          • Instruction ID: a630daf7e8170db6436b32dd37bdfc378253774887522d982671e274b9814faf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9bc0d1e6dc6ea3448e040424f4c07ff35206c00077e941c3569fd36d8bdfe042
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2C518B71A006049FCB14DFA9C884CABF7F9BF55710B118A2EE456DB280EB30E984EF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A7F8B
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A7FE1
                                                                                                                                                                                                                                            • Part of subcall function 6E1A7DBD: _free.LIBCMT ref: 6E1A7E15
                                                                                                                                                                                                                                            • Part of subcall function 6E1A7DBD: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,6E1BBAA0), ref: 6E1A7E27
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$InformationTimeZone
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 597776487-0
                                                                                                                                                                                                                                          • Opcode ID: 3ec473a0002501be42c3b53408ebc3f6929b906c12a17561d1775ff697c793cf
                                                                                                                                                                                                                                          • Instruction ID: cd5a3a667bf1ff5aea508d6b23526a3afbbe6547b16209d141a6405b721e7aca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ec473a0002501be42c3b53408ebc3f6929b906c12a17561d1775ff697c793cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9D2101798042155AD730D6AD8C44EFE777C9B91718F210657DAB5F31C4EB304FC5A6A0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __RTC_Initialize.LIBCMT ref: 6E18F6E5
                                                                                                                                                                                                                                            • Part of subcall function 6E1904A3: InitializeSListHead.KERNEL32(6E1CF0B8,6E18F6EF,6E1C8490,00000010,6E18F680,?,?,?,6E18F8A8,?,00000001,?,?,00000001,?,6E1C84D8), ref: 6E1904A8
                                                                                                                                                                                                                                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E18F74F
                                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 6E18F799
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize$HeadList___scrt_fastfail___scrt_is_nonwritable_in_current_image
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2097537958-0
                                                                                                                                                                                                                                          • Opcode ID: bbee515fde0b9099ef670d92f8faba58fbdbf2ff5eb41e354da6150caf54f95e
                                                                                                                                                                                                                                          • Instruction ID: 20bb03a97e57b4611994f03d2af88f2b5399e5509c65998639ddccea97bcb7f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbee515fde0b9099ef670d92f8faba58fbdbf2ff5eb41e354da6150caf54f95e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D21F33514824A9AEB40EBF4C4197EE376A9F2A72DF304819D4B0AB1C0DB3554C6FE65
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17FE19
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17FE7C
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E17FE95
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1698587239-0
                                                                                                                                                                                                                                          • Opcode ID: 2591e952c7bd3b223148558bd775f8908f8fd5ded9d87a429c583241d8a2e5ad
                                                                                                                                                                                                                                          • Instruction ID: f772cf6b2f8ad0bc902b171c1b1cfd1be974a067a3451ea6ed3e2f57f9346687
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2591e952c7bd3b223148558bd775f8908f8fd5ded9d87a429c583241d8a2e5ad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 502132B190410CABCB14DBE5C804BDEB7B9EB4DA24F604629E436A73D0DB341981AB63
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PathFindFileNameW.SHLWAPI(00000000,?,6E18B257,?), ref: 6E18B13D
                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,00000000,?,6E18077D,?,00000000,6E1C15CC,00000000,00000001,00000000,?,6E18F8BF,?,00000001,00000000,?), ref: 6E18B17C
                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,6E18077D,?,00000000,6E1C15CC,00000000,00000001,00000000,?,6E18F8BF,?,00000001,00000000,?,00000001), ref: 6E18B188
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorMode$FileFindNamePath
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3295048339-0
                                                                                                                                                                                                                                          • Opcode ID: 8b57ad99753d61d0d05d7099caf29e3e6cd8f0f41f77c6e6e7a4d63ab3687432
                                                                                                                                                                                                                                          • Instruction ID: 50a303bb20ee08fa78f21007db8d6a0c54952db26e2c072102c70a2b5e8e139f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b57ad99753d61d0d05d7099caf29e3e6cd8f0f41f77c6e6e7a4d63ab3687432
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86115E75414308AFDB50EFA4E808F9F3BADAF01758F248819F9298A265DB71C5D1EF60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(?,00000040,00000000,00000002,?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A38
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A46
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A53
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$FilePointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1156039329-0
                                                                                                                                                                                                                                          • Opcode ID: 75d09040dff8e5cd6749ca307408334c62d4da9d23c2bff26e396b1cb1e7a7d4
                                                                                                                                                                                                                                          • Instruction ID: 66118f2bc397923a982ec1edab5166259465dde7c6febd3153a969dac72dfbab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 75d09040dff8e5cd6749ca307408334c62d4da9d23c2bff26e396b1cb1e7a7d4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33F0B775900609EFDF04EFE4D9848DEBBB9EF59320B208659F82596250D770DA40AA60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E17C99A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::ios_base::good
                                                                                                                                                                                                                                          • String ID: .exe
                                                                                                                                                                                                                                          • API String ID: 3100596842-4119554291
                                                                                                                                                                                                                                          • Opcode ID: 8b34ea913b997ce14ff0b84cd59c1b58a26c939d9e310ef310d22f9361b61b17
                                                                                                                                                                                                                                          • Instruction ID: 491f463bb41580e67eaedb71bd17fd5d09cab760be3f04b4e94d4b058c860f5b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b34ea913b997ce14ff0b84cd59c1b58a26c939d9e310ef310d22f9361b61b17
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5CE065B090020CF7CF54DFD4D850BAE7B656B04608F504499D90B5F341EB35DE94A7D1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Receive_impl
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1766747923-0
                                                                                                                                                                                                                                          • Opcode ID: bc87a095e19a2d6f2786fad19a3f53d1388ac1ea95a487f61ad8a53341919acc
                                                                                                                                                                                                                                          • Instruction ID: 0fdeed3969e50307b608eba4e5779b5d4c6ea79e4aea1e96fc4dba9912a6de40
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc87a095e19a2d6f2786fad19a3f53d1388ac1ea95a487f61ad8a53341919acc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60D1A2B4E00108EFDB48CF98C590AADB7B6BF88304F24C559E8296B345D731AE95DF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E17C980: std::ios_base::good.LIBCPMTD ref: 6E17C99A
                                                                                                                                                                                                                                          • Sleep.KERNEL32(000000AA,?,?,?,?,?,?,?,?,?,?,?,?,00000000,6E1B341D,000000FF), ref: 6E17CB69
                                                                                                                                                                                                                                            • Part of subcall function 6E1665F0: ShowWindow.USER32(00000000,00000000,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000), ref: 6E1665FF
                                                                                                                                                                                                                                            • Part of subcall function 6E1665F0: ShowWindow.USER32(8DFFFFFF,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16660E
                                                                                                                                                                                                                                            • Part of subcall function 6E1665F0: ShowWindow.USER32(F9E8CC4D,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16661D
                                                                                                                                                                                                                                            • Part of subcall function 6E1665F0: ShowWindow.USER32(8BFFFFE7,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16662C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Element Path not found: , xrefs: 6E17CAD1
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ShowWindow$Sleepstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: Element Path not found:
                                                                                                                                                                                                                                          • API String ID: 1922422228-4021771638
                                                                                                                                                                                                                                          • Opcode ID: 8d2b983ddce8c73c855aa18b56cc02a7f066f002aee40a0c66724c262748d490
                                                                                                                                                                                                                                          • Instruction ID: ebcd5e555bdb1ce46f31747ce232b35a7f4a1927c496446f6d4d0fe6b26accf4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d2b983ddce8c73c855aa18b56cc02a7f066f002aee40a0c66724c262748d490
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A4142B09102099BCF14DFE4D855BEEBBB9BF48714F608629E415AB380DB34A984DF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15D139
                                                                                                                                                                                                                                            • Part of subcall function 6E182D44: __EH_prolog3.LIBCMT ref: 6E182D4B
                                                                                                                                                                                                                                            • Part of subcall function 6E182D44: __EH_prolog3_catch.LIBCMT ref: 6E182D8D
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15D1FA
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$H_prolog3H_prolog3_catch
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1036897443-0
                                                                                                                                                                                                                                          • Opcode ID: a4ce4c6170a2458239c993a94e99aff7e314ac7f3af2a70cd70496e02e4a95ec
                                                                                                                                                                                                                                          • Instruction ID: 0cb54e247969844987549fbb866a214e9674d0c71964eeeb91245edef6381604
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4ce4c6170a2458239c993a94e99aff7e314ac7f3af2a70cd70496e02e4a95ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59510BB190012C9BCB69DBA4CD91BDEB7B8AF09304F1086D9D52967290DB302FD5DF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104,A4C33E3A), ref: 6E15C409
                                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000064), ref: 6E15C411
                                                                                                                                                                                                                                            • Part of subcall function 6E181A19: SetFilePointer.KERNELBASE(?,00000040,00000000,00000002,?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A38
                                                                                                                                                                                                                                            • Part of subcall function 6E181A19: GetLastError.KERNEL32(?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A46
                                                                                                                                                                                                                                            • Part of subcall function 6E181A19: GetLastError.KERNEL32(?,?,?,?,?,6E15C457,00000008,?,00000002,?,00000040,00000000), ref: 6E181A53
                                                                                                                                                                                                                                            • Part of subcall function 6E18205A: __EH_prolog3.LIBCMT ref: 6E182061
                                                                                                                                                                                                                                            • Part of subcall function 6E1814E1: CloseHandle.KERNELBASE(?,?,?,6E15C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E1814F0
                                                                                                                                                                                                                                            • Part of subcall function 6E1814E1: GetLastError.KERNEL32(?,?,?,6E15C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E181514
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$File$CloseH_prolog3HandleModuleNamePointerSleep
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2231300754-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(00000000,00001000,00000000,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E18C386
                                                                                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,00001000,?,?,?,?,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E18C39A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1707611234-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(6E1C8780,0000000C), ref: 6E1A1628
                                                                                                                                                                                                                                          • ExitThread.KERNEL32 ref: 6E1A162F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1611280651-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 6E181BAC
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?), ref: 6E181BB8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 442123175-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,00000000,?,6E18077D,?,00000000,6E1C15CC,00000000,00000001,00000000,?,6E18F8BF,?,00000001,00000000,?), ref: 6E18B17C
                                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,6E18077D,?,00000000,6E1C15CC,00000000,00000001,00000000,?,6E18F8BF,?,00000001,00000000,?,00000001), ref: 6E18B188
                                                                                                                                                                                                                                            • Part of subcall function 6E18B1D4: GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?,00000000), ref: 6E18B20F
                                                                                                                                                                                                                                            • Part of subcall function 6E18B1D4: PathFindExtensionW.SHLWAPI(?), ref: 6E18B229
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorMode$ExtensionFileFindModuleNamePath
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1764437154-0
                                                                                                                                                                                                                                          • Opcode ID: 3cb937349ea2426623b0ffdf932f6db9884ac2c1ec7480de2a55b9f8bc62e6eb
                                                                                                                                                                                                                                          • Instruction ID: da699605f330313c190423e9b84e3cc44b7d09ed967c20bc2149828f73618097
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cb937349ea2426623b0ffdf932f6db9884ac2c1ec7480de2a55b9f8bc62e6eb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2F054759103045FDB60EFA5D448E4F7BA8AF06758F248859F4148B215D771D481DFA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ReadFile.KERNELBASE(?,00000040,00000000,00000000,00000000,?,?,?,6E15C477,?,00000008,00000008,?,00000002), ref: 6E1819F8
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,6E15C477,?,00000008,00000008,?,00000002), ref: 6E181A05
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1948546556-0
                                                                                                                                                                                                                                          • Opcode ID: d1df63b0f52026524f3226149cdcb5c43e6be149c1a3c0e70947c89614240490
                                                                                                                                                                                                                                          • Instruction ID: 019fe54f775f19c158268bb6dace86d8c6dd9aa9a6acd86f18053ca347132206
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1df63b0f52026524f3226149cdcb5c43e6be149c1a3c0e70947c89614240490
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23E03236610608FFCF00ABE5DC05A8A7BADAB15754F10C424B912A5010E7B0DA54AFA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                                          • Opcode ID: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                          • Instruction ID: 4537c79132fc6b4e07af9f6f4ddc5e1db4475248beafdc935845b7fb5ee8fdc2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea37a1a334eaa57c44c9ac3bd50a12c4681d8f83bf4f6bb47fe7ae46db9ee3b5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08D09E71558202EFEF098F60DD1AF6EBBA2EB94B00F11852CB252550F1D6B25819DB15
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(?,?,?,6E15C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E1814F0
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,6E15C37B,00000000,?,00000001,00001000,00000000,00000000,00000000,A4C33E3A), ref: 6E181514
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 918212764-0
                                                                                                                                                                                                                                          • Opcode ID: a3cccd27293b18c26917fae5a89fffd9dfe8631bd4e497ec2fd05a8c82ac7c5d
                                                                                                                                                                                                                                          • Instruction ID: a90aa86fe81eb1432c7145a1cbb7bf95ce2f1a5e4b6ce00ad18878398e6cc13c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3cccd27293b18c26917fae5a89fffd9dfe8631bd4e497ec2fd05a8c82ac7c5d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E0D873401E23ABCB149BA4EC08A46F725FF11731711C325D879569E0DB3098B7EAD4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E181C23: __EH_prolog3_GS.LIBCMT ref: 6E181C2D
                                                                                                                                                                                                                                            • Part of subcall function 6E181C23: GetFullPathNameW.KERNEL32(?,00000104,00000040,?,00000268,6E181850,?,00000040,?,00000040,00000104,00000000), ref: 6E181C60
                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000040,80000000,00000000,0000000C,00000003,?,00000000,?,00000000,?,00000040,?,00000040,00000104,00000000), ref: 6E181977
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFileFullH_prolog3_NamePath
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2133410154-0
                                                                                                                                                                                                                                          • Opcode ID: 971e7cbdb1385027a0512e60267d140844ffae60a50dbf2d4ccec2df93b1779b
                                                                                                                                                                                                                                          • Instruction ID: 511d56abe5d223c7c6de60c59a3f0585dfeb4f86f8f698c9dddf02d4c7d3c22c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 971e7cbdb1385027a0512e60267d140844ffae60a50dbf2d4ccec2df93b1779b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7351B273F4021A9BEB10CEA5C855BDBB7A9AB15304F2049A99439D7280D774CAC4EF50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 431132790-0
                                                                                                                                                                                                                                          • Opcode ID: 42814f7112a1df48800d3bc5c4abe9cd50fe5e6f3667cae814acf91fc9213586
                                                                                                                                                                                                                                          • Instruction ID: 6eccaf0f11c249b4bbef1e52f53e08acb2f3ec68d47d251b87a1a2243bb3b7ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 42814f7112a1df48800d3bc5c4abe9cd50fe5e6f3667cae814acf91fc9213586
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99414FB1910205CFCB89CF68C8846AA7BA5BF48314F2445ADEC15DB38AE774D980DF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnumWindows.USER32(00000000,?), ref: 6E17B449
                                                                                                                                                                                                                                            • Part of subcall function 6E17D900: Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 6E17D9D2
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceEnumWindows
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 494508335-0
                                                                                                                                                                                                                                          • Opcode ID: 6e8139ca2672595085df80f41d323490c6f06db0d1cb57f1e0ce2cf235357449
                                                                                                                                                                                                                                          • Instruction ID: f39e0a56e11d1a82c98767f0d142de5a10b5ce3325b0020bdbc0dc5271f85bec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e8139ca2672595085df80f41d323490c6f06db0d1cb57f1e0ce2cf235357449
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54113D7180550CEBCB04DFE4CA45BDEBBB9EF19714F208659E416A7280EB346B44DB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E18AA31
                                                                                                                                                                                                                                            • Part of subcall function 6E18A4DE: TlsAlloc.KERNEL32(?,6E18AA5D,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18A4FD
                                                                                                                                                                                                                                            • Part of subcall function 6E18A4DE: InitializeCriticalSection.KERNEL32(6E1CE860,?,6E18AA5D,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18A50E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocCriticalH_prolog3InitializeSection
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2369468792-0
                                                                                                                                                                                                                                          • Opcode ID: 121fd970d506bd62d31588e928633744191ff412409d065901bf7014a7e36cfd
                                                                                                                                                                                                                                          • Instruction ID: 3899504c3efd3a96bae4f657a227d55e4f8a30732f80b5b58889d8e128bcd5d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 121fd970d506bd62d31588e928633744191ff412409d065901bf7014a7e36cfd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07015E30A506169BEB85EFB4C5296AF3BA6AF50754B204528E411CB6C0EB78CED0FF40
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 6842923-0
                                                                                                                                                                                                                                          • Opcode ID: 292a8a91584012b21937e0caf7cc5e61df5641f44f011a8e8afba8dc355c6258
                                                                                                                                                                                                                                          • Instruction ID: dc2d2d9f80ca39c079d6afc08840d533d4488a71832269d1306ad0deb1017d2d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 292a8a91584012b21937e0caf7cc5e61df5641f44f011a8e8afba8dc355c6258
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9001D675900209AFCB419FACD4D0BAEBBB9FF58700F114059ED15AB391D770E941DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E18152A
                                                                                                                                                                                                                                            • Part of subcall function 6E1811D2: __EH_prolog3.LIBCMT ref: 6E1811D9
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 431132790-0
                                                                                                                                                                                                                                          • Opcode ID: 56a1da05b1af05d3a3d8a871a2ef7c6bc02dabfb96e44d1c501b0c09cce7a424
                                                                                                                                                                                                                                          • Instruction ID: f9aa541d75d4ab68eda63d72ae02e312960fd10366c35511a6a2e1cbf67a36c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56a1da05b1af05d3a3d8a871a2ef7c6bc02dabfb96e44d1c501b0c09cce7a424
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E401407191012AEBCF04DFE4C8549EEBB76FF18324B204A19E836672D0DB709994EF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E1A386E,00000001,00000364,00000008,000000FF,?,8007000E,?,6E195559,6E1A399B), ref: 6E1A4BDB
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E17C980: std::ios_base::good.LIBCPMTD ref: 6E17C99A
                                                                                                                                                                                                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 6E17CA16
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Affinity::operator!=Concurrency::details::Hardwarestd::ios_base::good
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2707540758-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,8007000E,?,?,6E180862,8007000E,?,?,?,6E15DCAC,8007000E,?,6E1808EC,0000000C,00000004,6E1590DC), ref: 6E1A398A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E159431
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: LoadLibraryW.KERNEL32(mscoree.dll,A4C33E3A,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446,00000000,6E1CF8E0), ref: 6E159734
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: GetLastError.KERNEL32(00000000,00000073,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446,00000000), ref: 6E15976B
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E159792
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: GetLastError.KERNEL32(?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E1597A1
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E1597AE
                                                                                                                                                                                                                                            • Part of subcall function 6E159700: FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E159847
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$AllocatorDebugErrorFreeHeapLast$AddressLoadProc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2936703648-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(004E30C8,00000000,004E30C8,004E30C8,004E30C8,-00000002,00403A37), ref: 00403819
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4115351271-0
                                                                                                                                                                                                                                          • Opcode ID: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                          • Instruction ID: c72586207ca4fe3275e323c6ce7a55902ce0015f7edb1a19efdc0f2786dab76c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec387b52da79c0d7c7db124e40c02042f93ac80872f0e6df2e3daec6660af043
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D0921218293121C66237663D0ABCF195C4F92B2EB0280B7F942B61D69B6C4A9285EE
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000000,00000000,?,6E1913B0,00000000,00000000,?,?,?,6E1614AA,00000000,00000000), ref: 6E191455
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                                          • Opcode ID: 5721a7110c8067df4fe7ce03809e1046bc39871a8a398bc5f5428cbb7ea180e4
                                                                                                                                                                                                                                          • Instruction ID: 3e9c2f530c08bc22b258efa39b8cecfc9a44282889877484f819327e355ad951
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5721a7110c8067df4fe7ce03809e1046bc39871a8a398bc5f5428cbb7ea180e4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1CD02B3130212557CF445FE588105667B0DEF175F87124214FDB4CB190C3304895B3C0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E181168
                                                                                                                                                                                                                                            • Part of subcall function 6E181523: __EH_prolog3.LIBCMT ref: 6E18152A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 431132790-0
                                                                                                                                                                                                                                          • Opcode ID: 177bbfad317e84a39065bff7525711058fea658ebeeefd81d68ed66374cff484
                                                                                                                                                                                                                                          • Instruction ID: 9fd14cadc4e3025db3d28cfc7b97d971c0e5747377ba9e01d07b9870158754aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 177bbfad317e84a39065bff7525711058fea658ebeeefd81d68ed66374cff484
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03E086B2A0010DABDB01EFD0CC00BEEB72A7F54318F204505F1525A290CBB14994FB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: allocator
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3447690668-0
                                                                                                                                                                                                                                          • Opcode ID: 6d1daec349bea2209e9e321151a27abe392528a0f770b9fc473a4bc0d92ac2c0
                                                                                                                                                                                                                                          • Instruction ID: affb76b722249a9c12d39925a4d2e9c098d081a31cc13eff0a7b4894c44f1f7b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d1daec349bea2209e9e321151a27abe392528a0f770b9fc473a4bc0d92ac2c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01C012B551010CAB8B44DB98E840D9A339D5A48D587008414B50DC7200DA35FD50D761
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: allocator
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3447690668-0
                                                                                                                                                                                                                                          • Opcode ID: d26b1ccd2e344550ff2ef77a6e5a6c606714f84e9eaa1551efbb40b96012549a
                                                                                                                                                                                                                                          • Instruction ID: 98dba73b7aa30d61fba7cde86f54a8c4d8cb96259b897189d8fb38c172cc90d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d26b1ccd2e344550ff2ef77a6e5a6c606714f84e9eaa1551efbb40b96012549a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7C012B5520208AB8F44DB98E840D9E379D5A589587008414B50DC7200DA35FA50D761
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403786,?,?,?,?,00000000,00403A73,?), ref: 00403376
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 0040515B
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 0040516A
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004051C2
                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000015), ref: 004051CA
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001061,00000000,00000002), ref: 004051EB
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004051FC
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040520F
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040521D
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405230
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405252
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405266
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405287
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405297
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004052AC
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004052B8
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 00405179
                                                                                                                                                                                                                                            • Part of subcall function 00403DC4: SendMessageW.USER32(00000028,?,00000001,004057E0), ref: 00403DD2
                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004052D7
                                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_00005073,00000000), ref: 004052E5
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 004052EC
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405313
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405318
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 0040535F
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405391
                                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004053A2
                                                                                                                                                                                                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004053B7
                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004053CA
                                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053EC
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405427
                                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405437
                                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 0040543D
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,?,?,00000000,?,00000000), ref: 00405449
                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405453
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405467
                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405489
                                                                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405494
                                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 0040549A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlockVersionlstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: New install of "%s" to "%s"${
                                                                                                                                                                                                                                          • API String ID: 2110491804-1641061399
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 004049BF
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 004049CC
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404A1B
                                                                                                                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404A2E
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,Function_000048F8), ref: 00404A48
                                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404A5A
                                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404A6E
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404A84
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404A90
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404AA0
                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00404AA5
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404AD0
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404ADC
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404B7D
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404BA0
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404BB1
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404BDB
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404BEA
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404BFB
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404CF9
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404D54
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404D69
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404D8D
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404DB3
                                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404DC8
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404DD8
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404E48
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 00404EF6
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00404F05
                                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404F25
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404F75
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404F80
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404F87
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                          • String ID: $ @$M$N
                                                                                                                                                                                                                                          • API String ID: 1638840714-3479655940
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 6E190FC1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E190FD4
                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000080), ref: 6E191020
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E19102A
                                                                                                                                                                                                                                          • GetTempPathW.KERNEL32(00000104,?), ref: 6E191071
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E19107B
                                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,?,*.*,?), ref: 6E1910C9
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1910DA
                                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000080,?,?,?), ref: 6E1911AC
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?), ref: 6E1911C0
                                                                                                                                                                                                                                          • GetTempFileNameW.KERNEL32(?,DEL,00000000,?), ref: 6E1911E9
                                                                                                                                                                                                                                          • MoveFileExW.KERNEL32(?,?,00000001), ref: 6E19120C
                                                                                                                                                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6E191225
                                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(000000FF,?,?,?,?), ref: 6E191235
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E19124A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E191279
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E19129B
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1912BD
                                                                                                                                                                                                                                          • RemoveDirectoryW.KERNEL32(?), ref: 6E1912C7
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1912D1
                                                                                                                                                                                                                                          • MoveFileExW.KERNEL32(?,00000000,00000004), ref: 6E1912F5
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E191310
                                                                                                                                                                                                                                          • FindClose.KERNEL32(000000FF), ref: 6E191346
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLast$AttributesFindMove$Temp$CloseDeleteDirectoryFirstNameNextPathRemove
                                                                                                                                                                                                                                          • String ID: *.*$DEL$c:\agent\_work\66\s\src\libs\dutil\dirutil.cpp
                                                                                                                                                                                                                                          • API String ID: 1544372074-2145791747
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 00404525
                                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,000003F0), ref: 00404533
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404553
                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000010), ref: 0040455A
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F0), ref: 0040456F
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000008,?,00000008,000000E0), ref: 00404580
                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004045AF
                                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404669
                                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(0046E220,00451D98,00000000,?,?), ref: 004046A6
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(?,0046E220), ref: 004046B2
                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004046C2
                                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404674
                                                                                                                                                                                                                                            • Part of subcall function 00405CB0: GetDlgItemTextW.USER32(00000001,00000001,00002004,00403FAD), ref: 00405CC3
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                            • Part of subcall function 00406064: CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                            • Part of subcall function 00403EA0: lstrcatW.KERNEL32(00000000,00000000,00476240,004D30A8,install.log,00405AC8,004D30A8,004D30A8,004DF0C0,00451D98,80000001,Control Panel\Desktop\ResourceLocale,00000000,00451D98,00000000,00000006), ref: 00403EBB
                                                                                                                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(0044DD90,?,?,0000040F,?,0044DD90,0044DD90,?,00000000,0044DD90,?,?,000003FB,?), ref: 00404785
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004047A0
                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(00000000,00000400,0040A264), ref: 00404819
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Item$CharText$Next$FreeWindowlstrcat$AsyncBrowseButtonCheckedDiskFolderPrevShowSpaceStateTaskVersionlstrcmpi
                                                                                                                                                                                                                                          • String ID: F$A
                                                                                                                                                                                                                                          • API String ID: 3347642858-1281894373
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
                                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,0000000C,?,00000000), ref: 00406F5C
                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000010,?,00000000), ref: 00406FD5
                                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000005), ref: 00406FE1
                                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(name,?), ref: 00406FF3
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00407212
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$Read$CloseCreateHandlelstrcmplstrcpynlstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: %s: failed opening file "%s"$GetTTFNameString$name
                                                                                                                                                                                                                                          • API String ID: 1916479912-1189179171
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E17C7F9
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 6E17C812
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000303,00000000,00000000), ref: 6E17C825
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2929300976-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001114,00000000,00000000), ref: 6E17C4ED
                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 6E17C4FB
                                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000038,00000000,?), ref: 6E17C509
                                                                                                                                                                                                                                          • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000004), ref: 6E17C524
                                                                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,00000008,0000003C,00000000), ref: 6E17C557
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 6E17C56C
                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,00000008,0000003C,00000000), ref: 6E17C582
                                                                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,?,00000010,00000000), ref: 6E17C5E5
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001104,00000001,?), ref: 6E17C5FA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$MemoryMessageSend$Write$AllocOpenReadThreadVirtualWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 98512719-0
                                                                                                                                                                                                                                          • Opcode ID: 8eadfa6a34046a99d1f804b82c3a7ab5395070d27db18231d8b3582731eb5c0e
                                                                                                                                                                                                                                          • Instruction ID: 9e8680f87c0c9a0e9567b87a8ef7db2a0c92ac33a830f4b2e9501035c79dd4b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8eadfa6a34046a99d1f804b82c3a7ab5395070d27db18231d8b3582731eb5c0e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42710BB5A10209AFDF14CFE8C885FEEBBB6EF4C701F108119F615AB280D674A941DB64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(0046E220,00002004), ref: 00406984
                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(0046E220,00002004), ref: 00406997
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(0046E220,\Microsoft\Internet Explorer\Quick Launch), ref: 00406A11
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(0046E220,00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406A73
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
                                                                                                                                                                                                                                          • String ID: F$ F$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                          • API String ID: 3581403547-1792361021
                                                                                                                                                                                                                                          • Opcode ID: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                          • Instruction ID: 94ababd57b57874809535cfc920d07d17cc92350817822ff6505e5e4c02fddf3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30c92c856c733ebf4e786737c731cc744bbcb1db4e86cdf6d89c5ce8018e8b94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E71D6B1A00112ABDF20AF69CC44A7A3775AB55314F12C13BE907B66E0E73C89A1DB59
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000000,?,6E1523F7), ref: 6E151894
                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,?,6E1523F7), ref: 6E15189B
                                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 6E1518C6
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,6E1523F7), ref: 6E1518D4
                                                                                                                                                                                                                                            • Part of subcall function 6E158340: __vfwprintf_l.LIBCONCRTD ref: 6E158361
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Failed OpenProcessToken, xrefs: 6E1518A5
                                                                                                                                                                                                                                          • Failed LookupPrivilegeValue, xrefs: 6E1518DA
                                                                                                                                                                                                                                          • Failed AdjustTokenPrivileges, xrefs: 6E15194A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CloseCurrentHandleLookupOpenPrivilegeTokenValue__vfwprintf_l
                                                                                                                                                                                                                                          • String ID: Failed AdjustTokenPrivileges$Failed LookupPrivilegeValue$Failed OpenProcessToken
                                                                                                                                                                                                                                          • API String ID: 1520876028-3617082681
                                                                                                                                                                                                                                          • Opcode ID: 6b70fa68e1fe2fab15053dd5d25e458dd1ee30b5f69db07e24eafc31aaf9a644
                                                                                                                                                                                                                                          • Instruction ID: b5dd9e96e9ff07b0107e15ae0533c11ebe6565d36860c2c6e6d6f6fd382459d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b70fa68e1fe2fab15053dd5d25e458dd1ee30b5f69db07e24eafc31aaf9a644
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD317FB4B00609DBEB44DFD5C849BEE7BB9EF48304F108168E911AB380D7349994DF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 6E17C39D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                                          • Opcode ID: 3e0efe882fa560c0d177013f4f9da1f4744de7062971dbb6dbd1d2154d650d94
                                                                                                                                                                                                                                          • Instruction ID: 4be151dbba4a17af81e359ae58ea268e39303f8a13d6e758b2175a69c66efb14
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e0efe882fa560c0d177013f4f9da1f4744de7062971dbb6dbd1d2154d650d94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C41F8B5A41308EFDF14CBE4C855BAEBBB5AF48B01F108148F605AA284D6B4A680DB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                          • Opcode ID: 09137ee0c662d659f3b42f033375b8780dfac6bbfe8d4b4d898ad881b279ae06
                                                                                                                                                                                                                                          • Instruction ID: ed983d2c691158a10a15c6f507a5071a9fdc56f56e77c1adea83a6bc8e84ec6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09137ee0c662d659f3b42f033375b8780dfac6bbfe8d4b4d898ad881b279ae06
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CC26A75E086298FDB65CEA8CD507EAB3B5EB48304F1141EADA0DE7244E735AEC19F40
APIs
  • Part of subcall function 6E18A318: GetWindowLongW.USER32(?,000000F0), ref: 6E18A325
• GetKeyState.USER32(00000010), ref: 6E18709E
• GetKeyState.USER32(00000011), ref: 6E1870AB
• GetKeyState.USER32(00000012), ref: 6E1870B8
• SendMessageW.USER32(?,00000111,0000E146,00000000), ref: 6E1870D2
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: State$LongMessageSendWindow
• String ID:
• API String ID: 1063413437-0
APIs
• OutputDebugStringA.KERNEL32(IsolationAware function called after IsolationAwareCleanup,-00000034,?,6E18A463,00000000,6E1C7FE0,00000010,6E18B5B8,00000000,?,00000000,6E1B7BD4,?,00000001,0000000C,6E18B610), ref: 6E180431
• GetLastError.KERNEL32(?,-00000034,?,6E18A463,00000000,6E1C7FE0,00000010,6E18B5B8,00000000,?,00000000,6E1B7BD4,?,00000001,0000000C,6E18B610), ref: 6E180468
Strings
• IsolationAware function called after IsolationAwareCleanup, xrefs: 6E18042C
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: DebugErrorLastOutputString
• String ID: IsolationAware function called after IsolationAwareCleanup
• API String ID: 4132100945-2690750368
APIs
  • Part of subcall function 6E180230: GetLastError.KERNEL32 ref: 6E180254
  • Part of subcall function 6E180230: _HRESULT_FROM_WIN32.LIBCMTD ref: 6E18025B
• IsDebuggerPresent.KERNEL32(?,?,?,6E1512CF), ref: 6E190581
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,6E1512CF), ref: 6E190590
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6E19058B
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: DebugDebuggerErrorLastOutputPresentString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 389471666-631824599
APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E1953C6
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6E1953D0
• UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6E1953DD
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
APIs
• LoadResource.KERNEL32(00000000,6E158946,6E158946,?,6E158946,00000000), ref: 6E1586AE
• LockResource.KERNEL32(00000000), ref: 6E1586C8
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: Resource$LoadLock
• String ID:
• API String ID: 1037334470-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?,6E1A2570,?,?,?,?), ref: 6E1A2593
                                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,6E1A2570,?,?,?,?), ref: 6E1A259A
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 6E1A25AC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,00000000,?,6E190719,00000000,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959), ref: 6E190626
                                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?,6E190719,00000000,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959,?,?), ref: 6E19062D
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E190719,00000000,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959,?,?,?), ref: 6E190637
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Heap$ErrorFreeLastProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 406640338-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoCreateInstance.OLE32(0040AC30,?,00000001,0040AC10,?), ref: 0040257E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d, xrefs: 00402560
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateInstance
                                                                                                                                                                                                                                          • String ID: CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
                                                                                                                                                                                                                                          • API String ID: 542301482-1377821865
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E18771E
                                                                                                                                                                                                                                          • RedrawWindow.USER32(00000000,00000000,00000000,00000105,00000000,00000000,00000000), ref: 6E18790A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: H_prolog3RedrawWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 474685049-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E1AFBFC,?,?,00000008,?,?,6E1AF894,00000000), ref: 6E1AFE2E
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6E190123
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Iconic
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 110040809-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                                          • API String ID: 0-4108050209
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                          • API String ID: 0-595813830
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c0ee4dcbd47ebcc5500d50223c30bd8b09ecfc869243beca762ca8d4c6baa529
                                                                                                                                                                                                                                          • Instruction ID: adbcf21f0a145cf978ba9e016d95090eb1e80522eeb5a5a8b10fc6174cbeed57
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0ee4dcbd47ebcc5500d50223c30bd8b09ecfc869243beca762ca8d4c6baa529
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB118A23F30C295B675C81AD8C172BAA5D2EBD825070F533ED926E72C4E994DE13D290
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1cb7eec25afff69a25950b53299e14b0289b653776734ca22ec3ea28c1dc47d0
                                                                                                                                                                                                                                          • Instruction ID: 94603c191db9ba87836d98c9f95c5394a5608a83da963ae087b1399e7681c9f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cb7eec25afff69a25950b53299e14b0289b653776734ca22ec3ea28c1dc47d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0F030366142649BCB12CB8CC509A9E73FCEB45B65F214056E601EB140C674DD80D7C0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 93ee934726bcb5977b7886f765766687285d294005338870cba6629bc9432be8
                                                                                                                                                                                                                                          • Instruction ID: 38eebfe512cd99be34ab48066ba72ab18efb445aa159dc0cf164fc0a4e51baac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ee934726bcb5977b7886f765766687285d294005338870cba6629bc9432be8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7E08C36A112A8EBCB10DBCCC90499AB3ECFB45F00B11049AB611D3200D270DE41D7D0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WinHttpCrackUrl.WINHTTP(00000000,00000000,00000000,0000003C), ref: 6E1529CB
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 6E1529D5
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152A0D
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152A41
                                                                                                                                                                                                                                          • WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows NT 10.0),00000000,00000000,00000000,00000000,?,?,?,?,FFFFFFFF), ref: 6E152A5F
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E152A6E
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E152EC8
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E152ED8
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E152EE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Http$CloseHandle$AllocatorDebugErrorHeapLast$CrackOpen
                                                                                                                                                                                                                                          • String ID: !$.exe$.exe?$.msi$.msi?$<$GET$Mozilla/5.0 (Windows NT 10.0)
                                                                                                                                                                                                                                          • API String ID: 291142426-1574900714
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000FA0), ref: 004063EB
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 004063F8
                                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 00406456
                                                                                                                                                                                                                                            • Part of subcall function 00406057: CharUpperW.USER32(?,0040642D,?), ref: 0040605D
                                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(PSAPI.DLL), ref: 00406495
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004064B4
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004064BE
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004064C9
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00406500
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00406509
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$FreeGlobalLibrary$AllocCharLoadUpperVersionlstrlen
                                                                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Kernel32.DLL$Module32FirstW$Module32NextW$PSAPI.DLL$Process32FirstW$Process32NextW$Unknown
                                                                                                                                                                                                                                          • API String ID: 20674999-2124804629
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160A29
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160A42
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160A5B
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160A74
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160A8D
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160AA6
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160ABF
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160AD8
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160AF1
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160B0A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID: FormActInstall$FormActUninstall$FormActionScript$FormBuild$FormConditions$FormProperties$FormUIAction$PanePackage$Scripting/Conditions$Scripting/Objects$SiblDlg$UIScriptRecorder$Using/Interface$Using/Interface#_Advances-Options-Dialog$Using/Interface#_Build--Dialog$Using/Interface#_Install-Application-Dialog$Using/Interface#_Package-Properties$Using/Interface#_Uninstall-Application-Dialog$Using/UIAutomation$Using/UIAutomation#_UI-Script-Action-Dialog
                                                                                                                                                                                                                                          • API String ID: 571936431-127137180
                                                                                                                                                                                                                                          • Opcode ID: e0044c8558502baf1171558bfcd5794f09855113215a0867579781b4b7041bc8
                                                                                                                                                                                                                                          • Instruction ID: 23c6e8d54d8d4b35b069feb9c4887a8e859b75d258a23aafe22723136d946b73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e0044c8558502baf1171558bfcd5794f09855113215a0867579781b4b7041bc8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 383114B0A1511597CB04DFE4CD58BEFB366AB95608F500D2DA131AF7C0EF386890B745
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15448D
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E15449C
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E1544A3
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1544FD
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154516
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E15452A
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Application key is empty, xrefs: 6E1544AF
                                                                                                                                                                                                                                          • .exe, xrefs: 6E1545DD
                                                                                                                                                                                                                                          • [SystemFolder]msiexec.exe, xrefs: 6E15465F
                                                                                                                                                                                                                                          • /x %s, xrefs: 6E154689
                                                                                                                                                                                                                                          • Application %s ver. %s is installed. Try to uninstall..., xrefs: 6E15459F
                                                                                                                                                                                                                                          • Application %s is installed. Try to uninstall..., xrefs: 6E1545B5
                                                                                                                                                                                                                                          • /x %s %s, xrefs: 6E1546A7
                                                                                                                                                                                                                                          • unsupported uninstall command: , xrefs: 6E15460A
                                                                                                                                                                                                                                          • Application %s %s is not installed. Action canceled., xrefs: 6E154544
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: .exe$/x %s$/x %s %s$Application %s %s is not installed. Action canceled.$Application %s is installed. Try to uninstall...$Application %s ver. %s is installed. Try to uninstall...$Application key is empty$[SystemFolder]msiexec.exe$unsupported uninstall command:
                                                                                                                                                                                                                                          • API String ID: 1085074254-2146055958
                                                                                                                                                                                                                                          • Opcode ID: d856e747a0bb23e781ea557bcfd02d149beba74f4b28efff2a117bf870e88dfa
                                                                                                                                                                                                                                          • Instruction ID: ff0def1f6a319f2915d36be7e3d6b0048cbb6547e2d21e8a8ea6c8db0f8f45da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d856e747a0bb23e781ea557bcfd02d149beba74f4b28efff2a117bf870e88dfa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AB161B0D10109EFDB04DFE4D850AEFBBB8AF54308F50455DE4266B381DB346A95EB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054E1
                                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 004054FE
                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00405512
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040552E
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 0040554F
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00405563
                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 0040556A
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00405619
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00405623
                                                                                                                                                                                                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 0040563D
                                                                                                                                                                                                                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040568E
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00405734
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00405756
                                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00405768
                                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00405783
                                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405799
                                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 004057A0
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057B8
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057CB
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00451D98,?,00451D98,00476AA0), ref: 004057F4
                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,00451D98), ref: 00405808
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 0040593C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 184305955-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WinHttpCrackUrl.WINHTTP(00000000,00000000,00000000,0000003C), ref: 6E15302E
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E153038
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E153070
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1530A1
                                                                                                                                                                                                                                          • WinHttpOpen.WINHTTP(Mozilla/5.0 (Windows NT 10.0),00000000,00000000,00000000,00000000,?,?,?,?,FFFFFFFF), ref: 6E1530BF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1530CE
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E1532A8
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E1532B8
                                                                                                                                                                                                                                          • WinHttpCloseHandle.WINHTTP(00000000), ref: 6E1532C8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Http$CloseHandle$AllocatorDebugErrorHeapLast$CrackOpen
                                                                                                                                                                                                                                          • String ID: /$<$GET$Mozilla/5.0 (Windows NT 10.0)$w+b
                                                                                                                                                                                                                                          • API String ID: 291142426-2519732043
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404199
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041AD
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004041CA
                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004041DB
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004041E9
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004041F7
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(?), ref: 00404202
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040420F
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040421E
                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,00404150,?), ref: 0040400D
                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: GlobalAlloc.KERNEL32(00000040,00000001,?,?,?,00000000,00404150,?), ref: 0040401C
                                                                                                                                                                                                                                            • Part of subcall function 00403FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000001,00000000,00000000,?,?,00000000,00404150,?), ref: 00404030
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 00404276
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000), ref: 0040427D
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004042AA
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 004042ED
                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004042FB
                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 004042FE
                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(0000070B,open,0046E220,00000000,00000000,00000001), ref: 00404313
                                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040431F
                                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404322
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404351
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404363
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$ByteCharLoadMultiWide$AllocButtonCheckColorExecuteGlobalShelllstrlen
                                                                                                                                                                                                                                          • String ID: F$N$open
                                                                                                                                                                                                                                          • API String ID: 3928313111-1104729357
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • lstrcpyW.KERNEL32(00465E20,NUL,?,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AD5
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,000000F1,00000000,00000001,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA,?,00000000,000000F1,?), ref: 00406AF4
                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,00465E20,00000400), ref: 00406AFD
                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                            • Part of subcall function 00405DE2: lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                          • GetShortPathNameW.KERNEL32(000000F1,0046B478,00000400), ref: 00406B1E
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00465E20,000000FF,00466620,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B47
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,0046B478,000000FF,00466C70,00000400,00000000,00000000,?,00000000,?,00406CBC,000000F1,000000F1,00000001,00406EDA), ref: 00406B5F
                                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406B79
                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0046B478,C0000000,00000004,0046B478,?,?,00000000,000000F1,?), ref: 00406BB1
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BC0
                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BDC
                                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406C0C
                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,00467070,00000000,-0000000A,0040A87C,00000000,[Rename]), ref: 00406C63
                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: GetFileAttributesW.KERNELBASE(00000003,004035F3,004EB0D8,80000000,00000003,?,?,?,00000000,00403A73,?), ref: 00405E80
                                                                                                                                                                                                                                            • Part of subcall function 00405E7C: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A73,?), ref: 00405EA2
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C77
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00406C7E
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00406C88
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
                                                                                                                                                                                                                                          • String ID: ^F$%s=%s$NUL$[Rename]$plF
                                                                                                                                                                                                                                          • API String ID: 565278875-3368763019
                                                                                                                                                                                                                                          • Opcode ID: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                          • Instruction ID: 187392fb1a539ff374a899d42f74550c270b9899c721d3c7d9f4fe98b52eb23c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d6a48264c4b44e6e847a38bbc5540ed6369e357cae48dbe616f47649f698452
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2414B322082197FE7206B61DD4CE6F3E6CDF4A758B12013AF586F21D1D6399C10867E
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$char_traitsstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
                                                                                                                                                                                                                                          • API String ID: 661727466-4239264347
                                                                                                                                                                                                                                          • Opcode ID: d059241297303f382411340c5a45b116b52e9f1af87b219ef1b76a3d999856cf
                                                                                                                                                                                                                                          • Instruction ID: bbd4cf86d963df874e281c1d680c50e02b69a1b3f28cdd580abcfbb9b317224d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d059241297303f382411340c5a45b116b52e9f1af87b219ef1b76a3d999856cf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17B10771D04268EBDB65CBA4CC54BDEBBB8AB59308F4085D9D009AB240DB345FC8EF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000003,00000000,00020119), ref: 6E151BC1
                                                                                                                                                                                                                                          • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,A4C33E3A), ref: 6E151C58
                                                                                                                                                                                                                                          • PathMatchSpecW.SHLWAPI(?,00000000,?,?,?,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,A4C33E3A), ref: 6E151C7F
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E151DE4
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E151EC2
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E151EE1
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E151F87
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152003
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1520CD
                                                                                                                                                                                                                                          • PathMatchSpecW.SHLWAPI(00000000,00000000,000000FF,DisplayName,00000000,00000000,00000000,DisplayName,00000000,00000000,00000000,?,00020019), ref: 6E151D46
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E158070: RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,A4C33E3A,00020019,00000000,00000000,A4C33E3A), ref: 6E1580A8
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E152082
                                                                                                                                                                                                                                            • Part of subcall function 6E158270: RegCloseKey.ADVAPI32(?), ref: 6E15828E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$MatchPathQuerySpecstd::ios_base::good$Base::CloseConcurrency::details::ContextEnumIdentityInfoQueueValueWork
                                                                                                                                                                                                                                          • String ID: %s\%s$.exe$DisplayName$DisplayVersion$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
                                                                                                                                                                                                                                          • API String ID: 320006500-880123811
                                                                                                                                                                                                                                          • Opcode ID: fed47b2c2213c79ec13fc373023992cc00d9fad3727110f2747d97c50f6f7b0b
                                                                                                                                                                                                                                          • Instruction ID: 1d6bf6238557aaff0b16c409d6b501fb32638ac4dd1288bafa49cc91b89f8701
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fed47b2c2213c79ec13fc373023992cc00d9fad3727110f2747d97c50f6f7b0b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A712AFB0914268DADB25DFA4CC98BEEB7B8AF24308F1045D9D02967290DB741FD8EF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • PathFindFileNameW.SHLWAPI(00000000,6E1C15D0,A4C33E3A,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E152689
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                          • PathFindExtensionW.SHLWAPI(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1526A5
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152745
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152769
                                                                                                                                                                                                                                          • PathFindExtensionW.SHLWAPI(00000000,6E1BD940,00000000,?,00000000), ref: 6E152788
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152792
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1527E6
                                                                                                                                                                                                                                            • Part of subcall function 6E1562B0: _DebugHeapAllocator.LIBCPMTD ref: 6E1562BE
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(00000000,6E1BD940,00000000,?,00000000), ref: 6E1527F4
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15280F
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152825
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E15284B
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E152865
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15287B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$FindPath$ExtensionFile$DeleteNamestd::ios_base::good
                                                                                                                                                                                                                                          • String ID: .exe$.msi$\Setup%s$\Setup.exe
                                                                                                                                                                                                                                          • API String ID: 1668309467-3900291294
                                                                                                                                                                                                                                          • Opcode ID: f10bf3e48c679ed78f542afb02b47b531b15d272a161c6656c687c41f8ba0712
                                                                                                                                                                                                                                          • Instruction ID: 7ecd21b9f70d3f6c4ade104c9e931998aeefa17b68c19fbd2fa7d31afef75c70
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f10bf3e48c679ed78f542afb02b47b531b15d272a161c6656c687c41f8ba0712
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 908175F1C10109EBDF04DBE4DC54AEEBBB8AF54314F50895DE425AB380DB346A94EBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E18A318: GetWindowLongW.USER32(?,000000F0), ref: 6E18A325
                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 6E185B85
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000036B,00000000,00000000), ref: 6E185BA8
                                                                                                                                                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 6E185BCD
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 6E185BFC
                                                                                                                                                                                                                                          • MonitorFromWindow.USER32(00000000,00000001), ref: 6E185C35
                                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000), ref: 6E185C3C
                                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 6E185C4A
                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 6E185C57
                                                                                                                                                                                                                                          • MonitorFromWindow.USER32(00000000,00000002), ref: 6E185C64
                                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000), ref: 6E185C6B
                                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 6E185C79
                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 6E185C84
                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 6E185C91
                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 6E185C9C
                                                                                                                                                                                                                                          • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 6E185CAA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Rect$Monitor$ClientCopyFromInfoLongParent$MessagePointsSend
                                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                                          • API String ID: 3610148278-3887548279
                                                                                                                                                                                                                                          • Opcode ID: 8c3b34d30be72b797cb059216cb143ff997ccf168c33a70c26612b8d34beb43d
                                                                                                                                                                                                                                          • Instruction ID: b53a8de4b9f1105854a3c5f84a85cfc16edb743b09ec4ff8a47cf966ceb2029b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c3b34d30be72b797cb059216cb143ff997ccf168c33a70c26612b8d34beb43d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53614A72900609AFCF41CFE8C988BEEBBBAFF49315F254114E516E7280D774A9459F60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(?), ref: 6E159B9A
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159C35
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159CD4
                                                                                                                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6E15A004
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E15A01A
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(6E153902,00000000,?), ref: 6E15A036
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 6E15A05A
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(6E153902,00000001,?), ref: 6E15A079
                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6E15A1C5
                                                                                                                                                                                                                                          • SafeArrayDestroy.OLEAUT32(6E153902), ref: 6E15A1CF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15A175
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15A1DB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocString$ArraySafe$Element$ClearCreateDestroyVariantVector
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp
                                                                                                                                                                                                                                          • API String ID: 1364862699-1439456480
                                                                                                                                                                                                                                          • Opcode ID: 81ecd3510435a2275c895752c1ebf3e2ab1e54ac478add063929809207f2a122
                                                                                                                                                                                                                                          • Instruction ID: 5c8551a9907761cc6edb324d3c334b2f416a964192864922bce6950874d20985
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81ecd3510435a2275c895752c1ebf3e2ab1e54ac478add063929809207f2a122
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4681E2B5910609DFCB04DFE4C984BEEBBB9BF48300F108A19E525A7390DB745A85DFA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(mscoree.dll,A4C33E3A,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446,00000000,6E1CF8E0), ref: 6E159734
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000073,C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446,00000000), ref: 6E15976B
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorBindToRuntimeEx), ref: 6E159792
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E1597A1
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E1597AE
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E159847
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E1598DA
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,6E1B13E5,000000FF,?,6E159446), ref: 6E15992A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • v2.0.50727, xrefs: 6E15980C
                                                                                                                                                                                                                                          • mscoree.dll, xrefs: 6E15972F
                                                                                                                                                                                                                                          • CorBindToRuntimeEx, xrefs: 6E159789
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E15984D
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159743
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E1597B4
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E1598E0
                                                                                                                                                                                                                                          • v4.0.30319, xrefs: 6E159832
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Library$Free$ErrorLast$AddressBase::Concurrency::details::ContextIdentityLoadProcQueueWork
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp$CorBindToRuntimeEx$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                                                                                                                                                                          • API String ID: 4289075378-1696464217
                                                                                                                                                                                                                                          • Opcode ID: 0c894aa94cd9b57a732ba11d5f55cd9dd85d31bd4a35599b9ce64b5dd1a0c201
                                                                                                                                                                                                                                          • Instruction ID: 65610f5bfecd7d3b8311772094c30fe3758084380d6d30b99e41dadad23fb6a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c894aa94cd9b57a732ba11d5f55cd9dd85d31bd4a35599b9ce64b5dd1a0c201
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC61FAB4D00209DFCB04DFE4C949BEEBBB5BF48314F508A59E425AB380D7746A81DB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 6E1888E6
                                                                                                                                                                                                                                            • Part of subcall function 6E18AA2A: __EH_prolog3.LIBCMT ref: 6E18AA31
                                                                                                                                                                                                                                          • CallNextHookEx.USER32(?,?,?,?), ref: 6E188924
                                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 6E1889C4
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000FC), ref: 6E188A03
                                                                                                                                                                                                                                          • GetPropW.USER32(?,AfxOldWndProc423), ref: 6E188A19
                                                                                                                                                                                                                                          • SetPropW.USER32(?,AfxOldWndProc423,00000000), ref: 6E188A2E
                                                                                                                                                                                                                                          • GetPropW.USER32(?,AfxOldWndProc423), ref: 6E188A3A
                                                                                                                                                                                                                                          • GlobalAddAtomW.KERNEL32(AfxOldWndProc423), ref: 6E188A4D
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,Function_00038771), ref: 6E188A5B
                                                                                                                                                                                                                                          • CallNextHookEx.USER32(?,00000003,?,?), ref: 6E188AE4
                                                                                                                                                                                                                                          • UnhookWindowsHookEx.USER32(?), ref: 6E188AF8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: HookProp$CallLongNextWindow$AtomClassGlobalH_prolog3H_prolog3_NameUnhookWindows
                                                                                                                                                                                                                                          • String ID: #32768$AfxOldWndProc423
                                                                                                                                                                                                                                          • API String ID: 3603175632-2141921550
                                                                                                                                                                                                                                          • Opcode ID: 2477a727867fd16a3bd5ac1b586b4adc100ad99e34d7879c0daba1fbe66bb87f
                                                                                                                                                                                                                                          • Instruction ID: edc11b558fd78a23e591946e4c322cbca26e8aa618487e601f0c2564a59d7c0e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2477a727867fd16a3bd5ac1b586b4adc100ad99e34d7879c0daba1fbe66bb87f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5351C2319405289BCB219F90CC88BEF3B79AF55711F504599E806EB290DB708EC1FF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010D8
                                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010ED
                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010F6
                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(?), ref: 0040110E
                                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0040112F
                                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401139
                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401149
                                                                                                                                                                                                                                          • DrawTextW.USER32(00000000,00476AA0,000000FF,00000010,00000820), ref: 0040115F
                                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401169
                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0040116E
                                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 00401177
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                                          • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                          • Opcode ID: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                          • Instruction ID: 3a901b8e11bd10f40e8c3d59bf329074d7a31f92ad936af625f7db958ebfa50f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2efc14ad74cb110e0ad817299842ebea0c3d587f520aff37d9c167bf14942bce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF518772800209AFCF05CF95DD459AFBBB9FF45315F00802AF952AA1A1C738EA50DFA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 6E161683
                                                                                                                                                                                                                                          • OpenThreadToken.ADVAPI32(00000000), ref: 6E16168A
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E161694
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 6E1616AE
                                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 6E1616B5
                                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,00000000), ref: 6E1616D4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Token$CurrentOpenProcessThread$ErrorInformationLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 632756016-0
                                                                                                                                                                                                                                          • Opcode ID: 5ee3eec0c916d050bcdf68f90c8b6161576f7a29e442793f4b9b537e4623e0a9
                                                                                                                                                                                                                                          • Instruction ID: cf0710dce84912d6610cee88c9ff0a7540ef43f2024f7801468e74373f42e583
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ee3eec0c916d050bcdf68f90c8b6161576f7a29e442793f4b9b537e4623e0a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF412F74B0460AEFDF40DFE4C848BAE77B9BF49701F508954E605EB280D7709A94EB60
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,00000000,00000000,00000030), ref: 6E17F48F
                                                                                                                                                                                                                                          • FindWindowExW.USER32(00000000,00000000,#32770,00000000), ref: 6E17F4EA
                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(00000000,000003EE,00000000), ref: 6E17F51F
                                                                                                                                                                                                                                          • GetDlgItem.USER32(00000000,000003F8), ref: 6E17F52E
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001004,00000000,00000000), ref: 6E17F55B
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000104D,00000000,00000001), ref: 6E17F59B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$ItemSend$FindTextWindow
                                                                                                                                                                                                                                          • String ID: #32770$%s$->mb!$->mb!$8f$install:$unpack:
                                                                                                                                                                                                                                          • API String ID: 1611550948-3997906393
                                                                                                                                                                                                                                          • Opcode ID: cbda9000ed74c32c6dce9106a1a5a2bc7e155e83ea7f3b4d5a80b050b23eecec
                                                                                                                                                                                                                                          • Instruction ID: e93067cf3593270c7bc5699634dee74d56375771f87cb708bd1020961b62a973
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbda9000ed74c32c6dce9106a1a5a2bc7e155e83ea7f3b4d5a80b050b23eecec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B24132B0540209EBDF10DFE0CC49BEE77B8AB14B14F608519E536AA2C0EB7466C4EB51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(6E1CED64,00000FA0,?,?,6E18F585), ref: 6E18F5B3
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,6E18F585), ref: 6E18F5BE
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6E18F585), ref: 6E18F5CF
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 6E18F5E1
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 6E18F5EF
                                                                                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,6E18F585), ref: 6E18F612
                                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 6E18F623
                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(6E1CED64,00000007,?,?,6E18F585), ref: 6E18F62E
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,6E18F585), ref: 6E18F63E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • kernel32.dll, xrefs: 6E18F5CA
                                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 6E18F5DB
                                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 6E18F5B9
                                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 6E18F5E7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(?), ref: 6E159B9A
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159C35
                                                                                                                                                                                                                                            • Part of subcall function 6E159B60: SysAllocString.OLEAUT32(00000000), ref: 6E159CD4
                                                                                                                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6E159DF2
                                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 6E159E08
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6E159E24
                                                                                                                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6E159E61
                                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6E159F21
                                                                                                                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6E159F2B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • RunCaFunction, xrefs: 6E159DD1
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159F37
                                                                                                                                                                                                                                          • C:\Users\Operations\Source\Workspaces\Sib\Sibl\Sibl\ClrHost.cpp, xrefs: 6E159ED1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 6E1A9A00
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB3B3
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB3C5
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB3D7
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB3E9
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB3FB
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB40D
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB41F
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB431
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB443
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB455
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB467
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB479
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB396: _free.LIBCMT ref: 6E1AB48B
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A99F5
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A17
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A2C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A37
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A59
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A6C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A7A
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9A85
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9ABD
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9AC4
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9AE1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A9AF9
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E155860: _DebugHeapAllocator.LIBCPMTD ref: 6E1558B5
                                                                                                                                                                                                                                            • Part of subcall function 6E1676F0: _DebugHeapAllocator.LIBCPMTD ref: 6E167839
                                                                                                                                                                                                                                            • Part of subcall function 6E1676F0: task.LIBCPMTD ref: 6E167845
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: _DebugHeapAllocator.LIBCPMTD ref: 6E1610C6
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1610D2
                                                                                                                                                                                                                                            • Part of subcall function 6E161050: std::ios_base::good.LIBCPMTD ref: 6E1610DA
                                                                                                                                                                                                                                            • Part of subcall function 6E191373: CreateDirectoryW.KERNELBASE(00000000,6E1614AA,?,?,?,6E1614AA,00000000,00000000), ref: 6E191381
                                                                                                                                                                                                                                            • Part of subcall function 6E191373: GetLastError.KERNEL32(?,?,?,6E1614AA,00000000,00000000), ref: 6E19138F
                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00000000,00000000,6E17F5C0,?,00000001,A4C33E3A), ref: 6E155707
                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E155770
                                                                                                                                                                                                                                            • Part of subcall function 6E191373: CreateDirectoryW.KERNEL32(00000000,6E1614AA,?,?,?,?,6E1614AA,00000000,00000000), ref: 6E1913FF
                                                                                                                                                                                                                                            • Part of subcall function 6E191373: GetLastError.KERNEL32(?,?,?,?,6E1614AA,00000000,00000000), ref: 6E191409
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1557F0
                                                                                                                                                                                                                                            • Part of subcall function 6E153980: _DebugHeapAllocator.LIBCPMTD ref: 6E153A15
                                                                                                                                                                                                                                            • Part of subcall function 6E153980: _DebugHeapAllocator.LIBCPMTD ref: 6E153A28
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextCopyCreateDirectoryErrorFileIdentityLastQueueWork$std::ios_base::goodtask
                                                                                                                                                                                                                                          • String ID: C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$[CommonAppDataFolder]\sib\%s$\SibCa.dll$\SibCa.dll$\SibClr.dll$\SibClr.dll$\sib.dat$productCode
                                                                                                                                                                                                                                          • API String ID: 261773315-2507374280
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1610C6
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1610D2
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E1610DA
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E16113C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E16114C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E161159
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611B0
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611C1
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611D3
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E16125A
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$std::ios_base::good
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 100152506-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1AC371: CreateFileW.KERNEL32(00000000,00000000,?,6E1AC6D3,?,?,00000000,?,6E1AC6D3,00000000,0000000C), ref: 6E1AC38E
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1AC73E
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1AC745
                                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 6E1AC751
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1AC75B
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1AC764
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 6E1AC784
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 6E1AC8D1
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1AC903
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1AC90A
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                          • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E153A15
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E153A28
                                                                                                                                                                                                                                          • CopyFileW.KERNEL32(00000000,00000000,00000000,?,?,?,?,-00000010,-00000010,00000000,A4C33E3A), ref: 6E153B51
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?,?,?,?,-00000010,-00000010,00000000,A4C33E3A), ref: 6E153B66
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$CopyErrorFileLast
                                                                                                                                                                                                                                          • String ID: cf$%s\%s$%s\%s$C:\Users\Operations\Source\Workspaces\Sib\Sibl\SibInstaller\Install.cpp$PkgDir$PkgDir
APIs
• RegCreateKeyExW.ADVAPI32(?,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004028DA
• lstrlenW.KERNEL32(004140F8,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004028FD
• RegSetValueExW.ADVAPI32(?,?,?,?,004140F8,?,?,?,?,?,?,?,?,00000011,00000002), ref: 004029BC
• RegCloseKey.ADVAPI32(?), ref: 004029E4
  • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
  • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
Strings
• WriteRegExpandStr: "%s\%s" "%s"="%s", xrefs: 0040292A
• WriteRegStr: "%s\%s" "%s"="%s", xrefs: 00402918
• WriteReg: error creating key "%s\%s", xrefs: 004029F5
• WriteReg: error writing into "%s\%s" "%s", xrefs: 004029D4
• WriteRegDWORD: "%s\%s" "%s"="0x%08x", xrefs: 00402959
• WriteRegBin: "%s\%s" "%s"="%s", xrefs: 004029A1
Memory Dump Source
• Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
Similarity
• API ID: lstrlen$CloseCreateValuewvsprintf
• String ID: WriteReg: error creating key "%s\%s"$WriteReg: error writing into "%s\%s" "%s"$WriteRegBin: "%s\%s" "%s"="%s"$WriteRegDWORD: "%s\%s" "%s"="0x%08x"$WriteRegExpandStr: "%s\%s" "%s"="%s"$WriteRegStr: "%s\%s" "%s"="%s"
APIs
• CoInitialize.OLE32(00000000), ref: 6E18E7A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: Initialize
• String ID: D2D1.dll$D2D1CreateFactory$D2D1MakeRotateMatrix$DWrite.dll$DWriteCreateFactory
APIs
• IsInExceptionSpec.LIBVCRUNTIME ref: 6E1942BB
• type_info::operator==.LIBVCRUNTIME ref: 6E1942E2
• ___TypeMatch.LIBVCRUNTIME ref: 6E1943EE
• IsInExceptionSpec.LIBVCRUNTIME ref: 6E1944C9
• _UnwindNestedFrames.LIBCMT ref: 6E194550
• CallUnexpected.LIBVCRUNTIME ref: 6E19456B
Strings
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
• String ID: csm$csm$csm
Strings
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: task
• String ID: object key$object separator
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task
                                                                                                                                                                                                                                          • String ID: object key$object separator
                                                                                                                                                                                                                                          • API String ID: 1384045349-2279923633
                                                                                                                                                                                                                                          • Opcode ID: ebfbe4f99bcdc79c4b2b7b3fa731eea575c6a403a3b7ef51756cd6c36483e36d
                                                                                                                                                                                                                                          • Instruction ID: 1b75227a59a92dc8a3134e28a8893b72e9f5aab7a58c8a58652d3e9b0bdc9191
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebfbe4f99bcdc79c4b2b7b3fa731eea575c6a403a3b7ef51756cd6c36483e36d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02B1697080526C9BDB29DBA4CD64BEEBBB9AF14304F1086D8D0596B291DB301FD4EF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17E938
                                                                                                                                                                                                                                            • Part of subcall function 6E1562D0: _DebugHeapAllocator.LIBCPMTD ref: 6E1562DE
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17E9B2
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EA15
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EA81
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A28
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A6A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EAE7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: Error %d:$File: %s$Line: %u
                                                                                                                                                                                                                                          • API String ID: 1698587239-3492824664
                                                                                                                                                                                                                                          • Opcode ID: 1acd0d9c3d0223ecf98a727c59d2643c90ca01af2fb3266a8330f3f923398658
                                                                                                                                                                                                                                          • Instruction ID: 892e883242a7e49b15e2e5bb8fb5ff02e4305501904ac956a0eea75de2000705
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1acd0d9c3d0223ecf98a727c59d2643c90ca01af2fb3266a8330f3f923398658
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 899151B1D0014CEBCF04CFD4D850AEEBBB8AF58308F54855DD525AB390DB346A95DB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1513CB
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E1513E3
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E151457
                                                                                                                                                                                                                                            • Part of subcall function 6E1562D0: _DebugHeapAllocator.LIBCPMTD ref: 6E1562DE
                                                                                                                                                                                                                                            • Part of subcall function 6E155C30: _DebugHeapAllocator.LIBCPMTD ref: 6E155C67
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1514A5
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1514AE
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E151531
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15153A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E151579
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A28
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A6A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$std::ios_base::good
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 100152506-2457274529
                                                                                                                                                                                                                                          • Opcode ID: 424ebebbd8e57d2f1499ff44a5cdcd245da6ec6a988eac761ad96d30b1acbb9a
                                                                                                                                                                                                                                          • Instruction ID: c294f47585362261e1cd27903714c34830220de9b841c3995dbb4f378e6e72b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 424ebebbd8e57d2f1499ff44a5cdcd245da6ec6a988eac761ad96d30b1acbb9a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 79613FB1C1014DDFCB05DBE4D954BEEBBB8AF14308F504569D426B7390EB342A98EB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166E10: task.LIBCPMTD ref: 6E166F0E
                                                                                                                                                                                                                                            • Part of subcall function 6E166E10: task.LIBCPMTD ref: 6E166F1A
                                                                                                                                                                                                                                            • Part of subcall function 6E166E10: task.LIBCPMTD ref: 6E166F26
                                                                                                                                                                                                                                            • Part of subcall function 6E166E10: task.LIBCPMTD ref: 6E166F35
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B3A
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B46
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B52
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B61
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D2C
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D38
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D47
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D56
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D65
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166D71
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E166DAA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task
                                                                                                                                                                                                                                          • String ID: parse error$parse_error
                                                                                                                                                                                                                                          • API String ID: 1384045349-1820534363
                                                                                                                                                                                                                                          • Opcode ID: f35f31064032ae7714a5f5b8755df79b027020ebfd8765989e09827284a8eb5e
                                                                                                                                                                                                                                          • Instruction ID: 2012c683a13c63985d1f07520315298a6f23e9d888dd66c428175f2fb3e3a2a6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f35f31064032ae7714a5f5b8755df79b027020ebfd8765989e09827284a8eb5e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8051F871D04258EBDB14CFA8CC40BDEBBB8BB58304F5485D9E409A7280EB745A88DFA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 6E188778
                                                                                                                                                                                                                                          • GetPropW.USER32(?,AfxOldWndProc423), ref: 6E18878F
                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,00000110,?,?), ref: 6E1887F4
                                                                                                                                                                                                                                            • Part of subcall function 6E188CDF: GetWindowRect.USER32(?,?), ref: 6E188D20
                                                                                                                                                                                                                                            • Part of subcall function 6E188CDF: GetWindow.USER32(?,00000004), ref: 6E188D3D
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,?), ref: 6E188817
                                                                                                                                                                                                                                          • RemovePropW.USER32(?,AfxOldWndProc423), ref: 6E188823
                                                                                                                                                                                                                                          • GlobalFindAtomW.KERNEL32(AfxOldWndProc423), ref: 6E18882E
                                                                                                                                                                                                                                          • GlobalDeleteAtom.KERNEL32(?), ref: 6E188838
                                                                                                                                                                                                                                            • Part of subcall function 6E188D8A: GetWindowRect.USER32(?,00000360), ref: 6E188D97
                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 6E188887
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catch_LongRemove
                                                                                                                                                                                                                                          • String ID: AfxOldWndProc423
                                                                                                                                                                                                                                          • API String ID: 3351853316-1060338832
                                                                                                                                                                                                                                          • Opcode ID: 3919358c18709ea3945bfd09a205469387bcf45386de8b78f892acb42f10c9a2
                                                                                                                                                                                                                                          • Instruction ID: e3f1850c7a8490cba579b2d2e5a5ee07abb51417f3a542f9e2bfbcb86ad71ed5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3919358c18709ea3945bfd09a205469387bcf45386de8b78f892acb42f10c9a2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C3318D71C10219BBCF04AFE4CC588EF7A7DEF0A310B40451AF912B6250CB759D80AFA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1545C9
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154643
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15466A
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E154672
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E154679
                                                                                                                                                                                                                                            • Part of subcall function 6E155940: _DebugHeapAllocator.LIBCPMTD ref: 6E155978
                                                                                                                                                                                                                                            • Part of subcall function 6E155940: _DebugHeapAllocator.LIBCPMTD ref: 6E1559BA
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork$DispatcherExceptionUserstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: .exe$/x %s$[SystemFolder]msiexec.exe$unsupported uninstall command:
                                                                                                                                                                                                                                          • API String ID: 1075433030-2006917672
                                                                                                                                                                                                                                          • Opcode ID: 486e6601dabd482881bfce18ec0d9872119794946759e13769b34a5134d05ad7
                                                                                                                                                                                                                                          • Instruction ID: 26c574147dae8cd7e3417a31394ebc97c6f5dff352778ec3008250c94b669ca9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 486e6601dabd482881bfce18ec0d9872119794946759e13769b34a5134d05ad7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 463164B0D10208DFCF04DBE4D854AEFBB78AF54308F50495DE5226B380DB345AA5EB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(00476240,?,00000000,00000000,?,?,00406300,00000000), ref: 00406168
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000,000000FF,00000002,00000000,00000000,00476240,40000000,00000004), ref: 004061A1
                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,00476240,40000000,00000004), ref: 004061AD
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",0040A678,?,00000000,00000000,?,?,00406300,00000000), ref: 004061C7
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",?,?,00406300,00000000), ref: 004061CE
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00000000,00406300,00000000,?,?,00406300,00000000), ref: 004061E3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
                                                                                                                                                                                                                                          • String ID: @bG$File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll"
                                                                                                                                                                                                                                          • API String ID: 3734993849-2456037641
                                                                                                                                                                                                                                          • Opcode ID: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                          • Instruction ID: 195d9f7db6fc7c0c2d4377fc833027156c916e626c5a885f84869a8699de3d55
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 48839086a200bf93aa32383a4ca0414da094928b154be734d4a38c22442d7c90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0121C271500240EBD710ABA8DD88D9B3B6CEB06334B118336F52ABA1E1D7389D85C7AC
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A359E
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35AA
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35B5
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35C0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35CB
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35D6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35E1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35EC
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A35F7
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A3605
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: e5a16cd6f9e59b4ba9c0f72790de3aad41973481628f5d3ea2b8881f4fe7d351
                                                                                                                                                                                                                                          • Instruction ID: e0d21521641614572c87d2e3f7f9491b07c32a5a331ade49b1a37bfdce299935
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e5a16cd6f9e59b4ba9c0f72790de3aad41973481628f5d3ea2b8881f4fe7d351
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83219A7A900208AFCB51DFD9C884EED7BB9BF08344F04456AE656AB121DB31DB85DB80
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                                                                                                          • String ID: :$f$f$f$p$p$p
                                                                                                                                                                                                                                          • API String ID: 1302938615-1434680307
                                                                                                                                                                                                                                          • Opcode ID: 84efc6adf13da1c8627494b6acf02aa441c5aebb83018cf309e33a6b60a97957
                                                                                                                                                                                                                                          • Instruction ID: 8358ac4d582b7be910eee0ba9843a6163b1077e6c4aee3341a67636f2e17263e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84efc6adf13da1c8627494b6acf02aa441c5aebb83018cf309e33a6b60a97957
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD02AF7DB0125A8AEB208FEDC5A46FDB772FB00B14F604156D7147B684E7709EC8AB12
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E169650: std::ios_base::good.LIBCPMTD ref: 6E16965C
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E1687F7
                                                                                                                                                                                                                                            • Part of subcall function 6E169380: task.LIBCPMTD ref: 6E1693FF
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: std::ios_base::good.LIBCPMTD ref: 6E1697C2
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E16984A
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E169859
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D2C
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D38
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D47
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D56
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D65
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D71
                                                                                                                                                                                                                                            • Part of subcall function 6E169B60: task.LIBCPMTD ref: 6E169C5C
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E168937
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E168952
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16895E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E168B32
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E168B50
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E168B5C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$std::ios_base::good
                                                                                                                                                                                                                                          • String ID: value
                                                                                                                                                                                                                                          • API String ID: 683101471-494360628
                                                                                                                                                                                                                                          • Opcode ID: 258af57b6f0c13c07e5c7253c16d95c714db01b304f1f76d1068b37ced31fbe8
                                                                                                                                                                                                                                          • Instruction ID: edaf4f352388ff503692fabf1422dbd33c78ab841fe32f4cc26d434a0519692e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 258af57b6f0c13c07e5c7253c16d95c714db01b304f1f76d1068b37ced31fbe8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ADC1367090512C9BDB28DBA8CC60BEEB7B9AF45304F5085D9D14AAB280DB305FD5EF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166FB0: task.LIBCPMTD ref: 6E16702F
                                                                                                                                                                                                                                            • Part of subcall function 6E166FB0: task.LIBCPMTD ref: 6E16703B
                                                                                                                                                                                                                                            • Part of subcall function 6E166FB0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167050
                                                                                                                                                                                                                                            • Part of subcall function 6E166FB0: task.LIBCPMTD ref: 6E167068
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E173B1D
                                                                                                                                                                                                                                          • List.LIBCMTD ref: 6E173B5A
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E173BAD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • iterator out of range, xrefs: 6E173B66
                                                                                                                                                                                                                                          • cannot use erase() with , xrefs: 6E173C8B
                                                                                                                                                                                                                                          • iterator does not fit current value, xrefs: 6E173AD6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionListUser
                                                                                                                                                                                                                                          • String ID: cannot use erase() with $iterator does not fit current value$iterator out of range
                                                                                                                                                                                                                                          • API String ID: 898106873-3306149458
                                                                                                                                                                                                                                          • Opcode ID: cd8cff105d08f9ca48ef254f6f85fdfa43365b0049f310e12099a86d9b3f4483
                                                                                                                                                                                                                                          • Instruction ID: 5ce44d36bd1b02cb1e6dbac5b20d5de70a1fdd001d1f69e6fa42b47b7bab25f9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd8cff105d08f9ca48ef254f6f85fdfa43365b0049f310e12099a86d9b3f4483
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53711C71900118DFCB24CFE4D894EEEB7B8BF58704F6086A9D515AB291EB306E85EF50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,000000F0), ref: 00402EA9
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,000000F0), ref: 00402EC5
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(FFFFFD66), ref: 00402EFE
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,000000F0), ref: 00402F10
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402F17
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,000000F0), ref: 00402F2F
                                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00402F56
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • created uninstaller: %d, "%s", xrefs: 00402F3B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                                                                          • String ID: created uninstaller: %d, "%s"
                                                                                                                                                                                                                                          • API String ID: 3294113728-3145124454
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6E1859BD
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6E1859CD
                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000), ref: 6E1859D6
                                                                                                                                                                                                                                          • DecodePointer.KERNEL32(00000000,?,00000000), ref: 6E1859E4
                                                                                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 6E185A0C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Pointer$AddressDecodeDirectoryEncodeHandleModuleProcSystem
                                                                                                                                                                                                                                          • String ID: SetDefaultDllDirectories$\$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 2101061299-3881611067
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 6E1861DB
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,00000000,00000080), ref: 6E186222
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,00000000,00000000), ref: 6E18624E
                                                                                                                                                                                                                                          • ValidateRect.USER32(00000000,00000000), ref: 6E186261
                                                                                                                                                                                                                                            • Part of subcall function 6E18E627: GetClientRect.USER32(?,?), ref: 6E18E691
                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,00000000), ref: 6E1862D9
                                                                                                                                                                                                                                          • BeginPaint.USER32(00000000,?), ref: 6E1862E6
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,00000000,?), ref: 6E18631C
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,00000000), ref: 6E18633E
                                                                                                                                                                                                                                          • EndPaint.USER32(00000000,?), ref: 6E186356
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Rect$ClientPaint$BeginH_prolog3_Validate
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3883544035-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(user32.dll), ref: 6E186D81
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetGestureInfo), ref: 6E186DB6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseGestureInfoHandle), ref: 6E186DDE
                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 6E186E6A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$ClientHandleModuleScreen
                                                                                                                                                                                                                                          • String ID: CloseGestureInfoHandle$GetGestureInfo$user32.dll
                                                                                                                                                                                                                                          • API String ID: 471820996-2905070798
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E155BB0: _DebugHeapAllocator.LIBCPMTD ref: 6E155BE7
                                                                                                                                                                                                                                            • Part of subcall function 6E155C30: _DebugHeapAllocator.LIBCPMTD ref: 6E155C67
                                                                                                                                                                                                                                          • _fwprintf.LIBCONCRTD ref: 6E15A588
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15A5E6
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15A60E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15A644
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork_fwprintf
                                                                                                                                                                                                                                          • String ID: %02X$%d.%d.%d.%d$%s-%s-%s
                                                                                                                                                                                                                                          • API String ID: 500518543-2720032964
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(00000114,?,?,A4C33E3A), ref: 6E165BAD
                                                                                                                                                                                                                                            • Part of subcall function 6E155860: _DebugHeapAllocator.LIBCPMTD ref: 6E1558B5
                                                                                                                                                                                                                                            • Part of subcall function 6E1676F0: _DebugHeapAllocator.LIBCPMTD ref: 6E167839
                                                                                                                                                                                                                                            • Part of subcall function 6E1676F0: task.LIBCPMTD ref: 6E167845
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E165D1D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueVersionWorktask
                                                                                                                                                                                                                                          • String ID: ((e$SIB(Windows NT %d.%d)$appVersion$uid$v=1&tid=UA-816690-18&cid=%s&ua=%s&an=sib&av=%s
                                                                                                                                                                                                                                          • API String ID: 3198242046-1447975452
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CheckMenuItem.USER32(?,?,00000000), ref: 6E18E1F2
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA86: GetWindowTextW.USER32(?,?,00000100), ref: 6E18DADC
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA86: lstrcmpW.KERNEL32(?,?), ref: 6E18DAEE
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA86: SetWindowTextW.USER32(?,?), ref: 6E18DAFA
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000087,00000000,00000000), ref: 6E18E20D
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000F1,?,00000000), ref: 6E18E22A
                                                                                                                                                                                                                                          • SetMenuItemBitmaps.USER32(?,?,00000400,00000000,00000000), ref: 6E18E297
                                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000001,?), ref: 6E18E2E7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ItemMenu$MessageSendTextWindow$BitmapsCheckInfolstrcmp
                                                                                                                                                                                                                                          • String ID: 0$@
                                                                                                                                                                                                                                          • API String ID: 72408025-1545510068
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000202,?), ref: 6E165EC7
                                                                                                                                                                                                                                          • send.WS2_32(000000FF,00000000,?,00000000), ref: 6E165F60
                                                                                                                                                                                                                                          • WSAGetLastError.WS2_32 ref: 6E165F6E
                                                                                                                                                                                                                                          • closesocket.WS2_32(000000FF), ref: 6E165F81
                                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 6E165F91
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • POST /collect HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: www.google-analytics.comContent-Length: %d%s, xrefs: 6E165F01
                                                                                                                                                                                                                                          • www.google-analytics.com, xrefs: 6E165F28
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Base::CleanupConcurrency::details::ContextErrorIdentityLastQueueStartupWorkclosesocketsend
                                                                                                                                                                                                                                          • String ID: POST /collect HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: www.google-analytics.comContent-Length: %d%s$www.google-analytics.com
                                                                                                                                                                                                                                          • API String ID: 946640716-1480477549
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: allocator
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3447690668-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3409252457-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000004,?,?,?,?,?,?,6E17CB64), ref: 6E16665B
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000001,00000004,?,?,?,?,?,?,6E17CB64), ref: 6E16666A
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004,?,?,?,?,?,?,6E17CB64), ref: 6E166679
                                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000004,?,?,?,?,?,?,6E17CB64), ref: 6E166688
                                                                                                                                                                                                                                            • Part of subcall function 6E166810: CopyRect.USER32(?,6E16669A), ref: 6E16681F
                                                                                                                                                                                                                                            • Part of subcall function 6E17F380: MulDiv.KERNEL32(00000003,00000060,00000060), ref: 6E17F38F
                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000010,?,?,?,?,?), ref: 6E1666E1
                                                                                                                                                                                                                                          • SetWindowPos.USER32(00000001,000000FF,?,?,?,?,00000010,?,?,?,?,?,?,6E17CB64), ref: 6E16670D
                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,?,?,?,00000000,00000010,?,?,?,?,?,?,6E17CB64), ref: 6E166733
                                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,?,?,?,00000000,00000010,?,?,?,?,?,?,6E17CB64), ref: 6E16675C
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Show$CopyRect
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 256051259-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 6E18AB7E
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,6E18AAA5,?,00000000), ref: 6E18AB8F
                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000), ref: 6E18ABAB
                                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000010,?,?,00000000), ref: 6E18AC13
                                                                                                                                                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000010,?,?,00000000), ref: 6E18AC2D
                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E18AC5E
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000), ref: 6E18AC7C
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocCriticalLocalSectionValue$EnterH_prolog3_catchLeave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1707010094-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RealChildWindowFromPoint.USER32(?,?,?), ref: 6E18DB3B
                                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 6E18DB56
                                                                                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 6E18DB5F
                                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 6E18DB6F
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 6E18DB7F
                                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 6E18DB9D
                                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 6E18DBAD
                                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 6E18DBBC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Rect$ChildClientCtrlFromLongPointRealScreen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 151369081-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000EB), ref: 00403E10
                                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 00403E2C
                                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00403E38
                                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00403E44
                                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00403E57
                                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00403E67
                                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00403E81
                                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00403E8B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 6E18EA49
                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(00000000,?), ref: 6E18EA5A
                                                                                                                                                                                                                                          • OpenPrinterW.WINSPOOL.DRV(?,?,00000000), ref: 6E18EA6F
                                                                                                                                                                                                                                          • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6E18EA8F
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 6E18EA97
                                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 6E18EAA1
                                                                                                                                                                                                                                          • DocumentPropertiesW.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 6E18EAB2
                                                                                                                                                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 6E18EACA
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA53: GlobalFlags.KERNEL32(?), ref: 6E18DA60
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA53: GlobalUnlock.KERNEL32(?), ref: 6E18DA6E
                                                                                                                                                                                                                                            • Part of subcall function 6E18DA53: GlobalFree.KERNEL32(?), ref: 6E18DA7A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 168474834-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000B), ref: 6E18BEFE
                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000C), ref: 6E18BF09
                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 6E18BF14
                                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000003), ref: 6E18BF22
                                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 6E18BF30
                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 6E18BF3B
                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 6E18BF47
                                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 6E18BF53
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1151147025-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E158020: RegEnumKeyExW.ADVAPI32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6E158055
                                                                                                                                                                                                                                            • Part of subcall function 6E158270: RegCloseKey.ADVAPI32(?), ref: 6E15828E
                                                                                                                                                                                                                                          • RegLoadKeyW.ADVAPI32(80000003,00000000,00000000,00000000,00000000,?,?,00000000,A4C33E3A), ref: 6E15253A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseEnumLoad
                                                                                                                                                                                                                                          • String ID: ProfileImagePath$SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList$SeBackupPrivilege$SeRestorePrivilege$\NTUSER.DAT
                                                                                                                                                                                                                                          • API String ID: 3456385632-2785325313
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E169B60: task.LIBCPMTD ref: 6E169C5C
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E444
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E462
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E471
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E480
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • number overflow parsing ', xrefs: 6E16E34A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: number overflow parsing '
                                                                                                                                                                                                                                          • API String ID: 2520070614-3802681121
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E169B60: task.LIBCPMTD ref: 6E169C5C
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D224
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D242
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D251
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D260
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • number overflow parsing ', xrefs: 6E16D12A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: number overflow parsing '
                                                                                                                                                                                                                                          • API String ID: 2520070614-3802681121
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 6E192CD7
                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6E192CDF
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 6E192D68
                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6E192D93
                                                                                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 6E192DE8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                          • Opcode ID: ded0be62c6bdf02aee2b6e9aa6dd331e419388c87915543d504d4f718bfe9d81
                                                                                                                                                                                                                                          • Instruction ID: 456d4bd8b0d08f3164058124ce5bb240bfd938ead18c5f6eed56ca4013987d68
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ded0be62c6bdf02aee2b6e9aa6dd331e419388c87915543d504d4f718bfe9d81
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1418134A002099BCF10DFA8D894ADE7BF9AF45328F108555E8249B391D7359A86FB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(Comctl32.dll,00000000,00000000,00000002,Comctl32.dll,00000040), ref: 6E1806D2
                                                                                                                                                                                                                                            • Part of subcall function 6E180498: GetProcAddress.KERNEL32(00000000,00000000), ref: 6E1804C6
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000105,?,6E18A463,00000000,6E1C7FE0,00000010,6E18B5B8,00000000,?,00000000,6E1B7BD4,?,00000001,0000000C), ref: 6E1805EC
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(0000006F,?,6E18A463,00000000,6E1C7FE0,00000010,6E18B5B8,00000000,?,00000000,6E1B7BD4,?,00000001,0000000C,6E18B610,00000000), ref: 6E180600
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000020), ref: 6E180657
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$AddressFileLibraryLoadModuleNameProc
                                                                                                                                                                                                                                          • String ID: Comctl32.dll$GetModuleHandleExW
                                                                                                                                                                                                                                          • API String ID: 3640817601-1171143627
                                                                                                                                                                                                                                          • Opcode ID: 887c49a1e8ced57edbbdd431050e47b21c7aec48a1e07a84ef1794d15464d519
                                                                                                                                                                                                                                          • Instruction ID: de2552c37c53b22be27a4d1623699e24fd64c47e7536685a093df197b819d35a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 887c49a1e8ced57edbbdd431050e47b21c7aec48a1e07a84ef1794d15464d519
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C241927190261DAAFB608BE4CC58BDF77B9AB94714F300596E425E6180EB788EC0FF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E18433F: GetParent.USER32(?), ref: 6E18439F
                                                                                                                                                                                                                                            • Part of subcall function 6E18433F: GetLastActivePopup.USER32(?), ref: 6E1843B9
                                                                                                                                                                                                                                            • Part of subcall function 6E18433F: IsWindowEnabled.USER32(?), ref: 6E1843CD
                                                                                                                                                                                                                                            • Part of subcall function 6E18433F: EnableWindow.USER32(?,00000000), ref: 6E1843E0
                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 6E18443F
                                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 6E184455
                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 6E18445F
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000376,00000000,00000000), ref: 6E184475
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 6E1844F8
                                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,?,00000000), ref: 6E18451A
                                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 6E18453F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Enable$MessageProcess$ActiveCurrentEnabledFileLastModuleNameParentPopupSendThread
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1924968399-0
                                                                                                                                                                                                                                          • Opcode ID: 0f58f57b938ebd71398de8240fd1eb7ec23e3092ee46c332a18b5f2a0ec1cbeb
                                                                                                                                                                                                                                          • Instruction ID: 28b916408631cbd7b167ee4ffce253419be0196370792c51f3e1e16a1f34885c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f58f57b938ebd71398de8240fd1eb7ec23e3092ee46c332a18b5f2a0ec1cbeb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E419175A402199FDB50CFA4CC98BEEB3BEAF24710F204599E519D7280DB708EC19F50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(user32.dll), ref: 6E18760E
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetTouchInputInfo), ref: 6E187643
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CloseTouchInputHandle), ref: 6E18766B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                          • String ID: CloseTouchInputHandle$GetTouchInputInfo$user32.dll
                                                                                                                                                                                                                                          • API String ID: 667068680-1853737257
                                                                                                                                                                                                                                          • Opcode ID: f81a9d15db60faf576addd30c005fd790e5093cb009b266128a6bc6a19bbf8b3
                                                                                                                                                                                                                                          • Instruction ID: b3945ea5c9e8f75647891dd195463518721ad3527152b1f3ab2b705bb97c2191
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f81a9d15db60faf576addd30c005fd790e5093cb009b266128a6bc6a19bbf8b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6731B278711601DBEF459BA9C81D96B3FE9EB4AB60710842BE811D7280DB35A9C0FE90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task
                                                                                                                                                                                                                                          • String ID: at line $, column
                                                                                                                                                                                                                                          • API String ID: 1384045349-191570568
                                                                                                                                                                                                                                          • Opcode ID: 9e9d095d70e1a1e7bac7f473d6c40a26bedf718d478272a1f04329c21c9b6c44
                                                                                                                                                                                                                                          • Instruction ID: 117eba5b8fa56b5bc92bb696c33985ac2ec53151f0325c19b1c46ef881b81ada
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9e9d095d70e1a1e7bac7f473d6c40a26bedf718d478272a1f04329c21c9b6c44
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1412875D04148EBDF10CFA8C844BDDBBB8BB58704F1485ADE419A7341EB349A84DF50
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 0-537541572
                                                                                                                                                                                                                                          • Opcode ID: 874bf1e9f8f572a8dbf47aac2e419b2379614d999d99f9fa575cbafba51e3ddb
                                                                                                                                                                                                                                          • Instruction ID: 7e3d736206b13fad7a4dfa530d63f4117236a89e5644c7d9baf7fc10bb2e07e5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 874bf1e9f8f572a8dbf47aac2e419b2379614d999d99f9fa575cbafba51e3ddb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B21DB79A05725BBDB118AED8C44B6A37689F227A0F710514EF15AB284DE30DD42A5E0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00445D80,00425AD2,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                          • lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                          • SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2740478559-0
                                                                                                                                                                                                                                          • Opcode ID: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                          • Instruction ID: 2ad3572104664f977ebc3f2c903ed8e4223e657edd1a0c85de02785a0cf57670
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3275530aef0c04b4202250623e45ea8dce7054cefbb9f1e0f944281260c15b48
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD219DB1800518BBDF119F65CD849CFBFB9EF45714F10803AF905B22A1C7794A909B98
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(?,?,?,?,?,?,?,?,?,?,user32.dll), ref: 6E18839E
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegisterTouchWindow), ref: 6E1883B0
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,UnregisterTouchWindow), ref: 6E1883BE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                          • String ID: RegisterTouchWindow$UnregisterTouchWindow$user32.dll
                                                                                                                                                                                                                                          • API String ID: 667068680-2470269259
                                                                                                                                                                                                                                          • Opcode ID: 0d09fa0ca3c454ccb3f7ab541e6e63465569b58026de55da5101a4c589cc2054
                                                                                                                                                                                                                                          • Instruction ID: 349fecbcb3813f565a5c51d4d93c2269a4d3daef379b2e1362405ae2d47d3432
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d09fa0ca3c454ccb3f7ab541e6e63465569b58026de55da5101a4c589cc2054
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40112632601A16ABDB411BE9C888A9FBB6AFF65361B500126FD0583600DB30EC91AED4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1AB4FD: _free.LIBCMT ref: 6E1AB522
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB583
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB58E
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB599
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB5ED
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB5F8
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB603
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB60E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 7e96a8ca16e791795dd0e933ce7634927f62b81a235f0c9e4e83b0672b1116f2
                                                                                                                                                                                                                                          • Instruction ID: 1006d34e72594f9f27f8a31ad923c14aa882616bd6e97a0921c564bf9802387e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e96a8ca16e791795dd0e933ce7634927f62b81a235f0c9e4e83b0672b1116f2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC116D35940B4CAAD570EBF6DC09FEB779D5F00B04F804C1DA39B67061DB28A595E650
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                            • Part of subcall function 00405C6B: CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00402288
                                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00402298
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00402AF2
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Exec: failed createprocess ("%s"), xrefs: 004022C2
                                                                                                                                                                                                                                          • Exec: success ("%s"), xrefs: 00402263
                                                                                                                                                                                                                                          • Exec: command="%s", xrefs: 00402241
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$CloseHandleProcess$CodeCreateExitObjectSingleTextWaitWindowlstrcatwvsprintf
                                                                                                                                                                                                                                          • String ID: Exec: command="%s"$Exec: failed createprocess ("%s")$Exec: success ("%s")
                                                                                                                                                                                                                                          • API String ID: 2014279497-3433828417
                                                                                                                                                                                                                                          • Opcode ID: b07d39edd45b6d2841688a986433f0381924528bdc22dd5a03576e07f79a18b6
                                                                                                                                                                                                                                          • Instruction ID: 042007ee205ef60e30064d08c60082207347e2967af2fac5581f577c4c1081ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b07d39edd45b6d2841688a986433f0381924528bdc22dd5a03576e07f79a18b6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E11A332504115EBDB01BFE1DE49AAE3A62EF04324B24807FF502B51D2C7BD4D51DA9D
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404895
                                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 0040489D
                                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 004048B5
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 004048C7
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004048ED
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                          • Opcode ID: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                          • Instruction ID: ebefa7930bdcd0e41c689069c6d494cf412fee4c497549fa98469d3d4217857c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd0771fa492b48a0b3c5816c4430d79e7bf8162a268c2264a59d8032563336e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A019E72A00219BAEB00DB94CC85BEEBBB8AF44710F10412ABB10B61D0C3B45A058BA4
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00060500,00000064,00FB9AA0), ref: 00403295
                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 004032A5
                                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 004032B5
                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 0040329F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                          • Opcode ID: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                          • Instruction ID: b5f4dff99bd495ec87a9693a0662ffae913500554fa258d9a040327637eece45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3861699fe6b90eb98aefdbb76a6aac10e2c6ef9ed100297db3f2db1cf1739afe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8014470640109BBEF109F60DC4AFEE3B68AB00309F008439FA05E51E1DB789A55CF58
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 6E18BEAB
                                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 6E18BEB6
                                                                                                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 6E18BEC1
                                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 6E18BECC
                                                                                                                                                                                                                                          • GetSysColor.USER32(00000006), ref: 6E18BED7
                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 6E18BEE2
                                                                                                                                                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 6E18BEED
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Color$Brush
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2798902688-0
                                                                                                                                                                                                                                          • Opcode ID: 704ae587dec715582b8ccbf40bb9b81ba6ed81817b97e2c8feee0071d7508274
                                                                                                                                                                                                                                          • Instruction ID: 44a81bc438fc4d17b879a2b679f3bf3715e2b1f820ba0194c24b7b82d7a31606
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 704ae587dec715582b8ccbf40bb9b81ba6ed81817b97e2c8feee0071d7508274
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4DF07471941B059BDB606FB1C54D74A7AE2BF09711F04892DE286CFA95E7B6A040AB00
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6E1A5ACC
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 6E1A5CAB
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 6E1A5CC8
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,6E1A5344,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1A5D10
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E1A5D50
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E1A5DFC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4031098158-0
                                                                                                                                                                                                                                          • Opcode ID: 4a11c03adfe638af87795807a5d01578c89912f04b7d79eacef5106719a0693f
                                                                                                                                                                                                                                          • Instruction ID: f5c4164232616d758d2855dd4a1fd3666278dd35837bac0e826f5fa4ab72b2ef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a11c03adfe638af87795807a5d01578c89912f04b7d79eacef5106719a0693f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6D1CB79D082599FCF11CFE8C8809EDBBB9BF49314F24406AE915FB241D731AA86DB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6E1A1503
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E1A151F
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6E1A1536
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E1A1554
                                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 6E1A156B
                                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E1A1589
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                                          • Opcode ID: 8a6faab85275682f0e9bf99bb69d726ffda48f62b9432fab9b7c3976349e64ce
                                                                                                                                                                                                                                          • Instruction ID: 6366d1e7edfe65f34d0e2155488609027fcadc61eb731003cf647fb0a8d9e4b0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a6faab85275682f0e9bf99bb69d726ffda48f62b9432fab9b7c3976349e64ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D881C7F57007029FE714DEEDCC40BAA73E9AF55364F204A2AE611DB6C0E770D989AB50
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611B0
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611C1
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1611D3
                                                                                                                                                                                                                                            • Part of subcall function 6E155940: _DebugHeapAllocator.LIBCPMTD ref: 6E155978
                                                                                                                                                                                                                                            • Part of subcall function 6E155940: _DebugHeapAllocator.LIBCPMTD ref: 6E1559BA
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A28
                                                                                                                                                                                                                                            • Part of subcall function 6E1559F0: _DebugHeapAllocator.LIBCPMTD ref: 6E155A6A
                                                                                                                                                                                                                                            • Part of subcall function 6E160860: _DebugHeapAllocator.LIBCPMTD ref: 6E160894
                                                                                                                                                                                                                                            • Part of subcall function 6E160860: _DebugHeapAllocator.LIBCPMTD ref: 6E160939
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E16125A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1612E9
                                                                                                                                                                                                                                          • ~.LIBCPMTD ref: 6E1612FC
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 571936431-0
                                                                                                                                                                                                                                          • Opcode ID: 57b0dfcf6f4a3e2f5cbfef6f1e6a399df1cd92519ef38857910cb8ff724e5bcd
                                                                                                                                                                                                                                          • Instruction ID: f203bef9c98395a2b5322768d96168ed7ae44b538247a91ab6720914ddda37ca
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 57b0dfcf6f4a3e2f5cbfef6f1e6a399df1cd92519ef38857910cb8ff724e5bcd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B84169B1D10218DFCB04CFE4C841BDEBBB8AF54308F50809CD01AAB241EB742A99EF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _swprintf.LIBCMTD ref: 6E166033
                                                                                                                                                                                                                                            • Part of subcall function 6E166510: __vswprintf_s_l.LIBCONCRTD ref: 6E16652E
                                                                                                                                                                                                                                          • getaddrinfo.WS2_32(?,?,?,?), ref: 6E16604B
                                                                                                                                                                                                                                          • socket.WS2_32(?,?,?), ref: 6E16608B
                                                                                                                                                                                                                                          • connect.WS2_32(000000FF,?,?), ref: 6E1660B8
                                                                                                                                                                                                                                          • closesocket.WS2_32(000000FF), ref: 6E1660D2
                                                                                                                                                                                                                                          • freeaddrinfo.WS2_32(?), ref: 6E1660E5
                                                                                                                                                                                                                                            • Part of subcall function 6E19F550: IsProcessorFeaturePresent.KERNEL32(00000017,6E1A3788,?,?,6E19F469,?,?,?,?,6E15CB2E,00000000,00000000,?,?,00000000), ref: 6E19F56C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FeaturePresentProcessor__vswprintf_s_l_swprintfclosesocketconnectfreeaddrinfogetaddrinfosocket
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3109923487-0
                                                                                                                                                                                                                                          • Opcode ID: eb0ead079790d5f664701cd223001e828763b7ed96f210ab7e6e0687b4b5a5c0
                                                                                                                                                                                                                                          • Instruction ID: 7d6d79c156aa910426040625cae29c74de1ba72f8f757f29b1f1c28a8e3d8378
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb0ead079790d5f664701cd223001e828763b7ed96f210ab7e6e0687b4b5a5c0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F41C4B4D10209DFCF44CFE9C884AEEBBB5BF49314F208669E525A7281D7359981DFA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E15B790: _DebugHeapAllocator.LIBCPMTD ref: 6E15B830
                                                                                                                                                                                                                                            • Part of subcall function 6E15B790: _DebugHeapAllocator.LIBCPMTD ref: 6E15B885
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B6B0
                                                                                                                                                                                                                                            • Part of subcall function 6E15C990: _DebugHeapAllocator.LIBCPMTD ref: 6E15C99E
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B6D7
                                                                                                                                                                                                                                            • Part of subcall function 6E15C970: _DebugHeapAllocator.LIBCPMTD ref: 6E15C97E
                                                                                                                                                                                                                                            • Part of subcall function 6E15B790: _DebugHeapAllocator.LIBCPMTD ref: 6E15B83F
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B6FE
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E15B712
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B747
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B75F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1085074254-0
                                                                                                                                                                                                                                          • Opcode ID: 65b1a9e67e41cc74dad1c3ca9268256aff058c36bb89ec5855ee41ca82f114cb
                                                                                                                                                                                                                                          • Instruction ID: fa7cc55972d33a6284452fca71fe2957d0831ddf6559285e659ba18adea44584
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 65b1a9e67e41cc74dad1c3ca9268256aff058c36bb89ec5855ee41ca82f114cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A411DB1D10149EBCB04CFD4D990BEEBBB8BF18314F50495DE421AB390DB746A54DBA1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DDFA
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DE24
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DE36
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DE48
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DE5A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15DE6C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 571936431-0
                                                                                                                                                                                                                                          • Opcode ID: e7fb4a344b1c338cbb5b8997ddc55e02659b136c6a83fa71ac8a57893fda8a4a
                                                                                                                                                                                                                                          • Instruction ID: 19c0639efa105e2a8b7dab1d7022835c1ce84ab0ba0f9997d8c71e456edf952e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7fb4a344b1c338cbb5b8997ddc55e02659b136c6a83fa71ac8a57893fda8a4a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83318774600108EFCB48CF99C590E9DBBB5FF88258B648199E809AB352C730EE91DF94
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 6E18437A
                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 6E184388
                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 6E18439F
                                                                                                                                                                                                                                          • GetLastActivePopup.USER32(?), ref: 6E1843B9
                                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 6E1843CD
                                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 6E1843E0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 670545878-0
                                                                                                                                                                                                                                          • Opcode ID: 04fd8f567bb8136d6ac0843568187bdf6e5d5186b17d80dfd8efbfaa7da39b34
                                                                                                                                                                                                                                          • Instruction ID: e97f1fdd2085a654479fd03140eee91264eb3fc939c9a690bf51c4de86f4abee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04fd8f567bb8136d6ac0843568187bdf6e5d5186b17d80dfd8efbfaa7da39b34
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1115C36A057329BDB524BEA8884B1F76AD6F72B55B224124EC14E7204EF20DC827FD0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000001,?,6E193D9A,6E18F31A,6E18F670,?,6E18F8A8,?,00000001,?,?,00000001,?,6E1C84D8,0000000C,6E18F9A1), ref: 6E193E97
                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E193EA5
                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E193EBE
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,6E18F8A8,?,00000001,?,?,00000001,?,6E1C84D8,0000000C,6E18F9A1,?,00000001,?), ref: 6E193F10
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                          • Opcode ID: eda833901338602f2c63bfbb0214c897ca85c635efb825b01b33b571942dc73b
                                                                                                                                                                                                                                          • Instruction ID: 39ad418bbe63e93a11eb38f9729e46424f770ae2b933bf7f9f36923a09e2070b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eda833901338602f2c63bfbb0214c897ca85c635efb825b01b33b571942dc73b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF01283260C7135DDA542AF99C8CD9F2F6DDB1367E330462AF028D62D8EF11488171D0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E18AA2A: __EH_prolog3.LIBCMT ref: 6E18AA31
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000433,00000000,?), ref: 6E1872C7
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000FC), ref: 6E1872D2
                                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000FC), ref: 6E1872E6
                                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00000000), ref: 6E18730F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: LongWindow$H_prolog3MessageSend
                                                                                                                                                                                                                                          • String ID: ,
                                                                                                                                                                                                                                          • API String ID: 4140968126-3772416878
                                                                                                                                                                                                                                          • Opcode ID: d911be07df9575e6ff8ee22e2d0b17ff675f14efab87ebc41e06f37445336521
                                                                                                                                                                                                                                          • Instruction ID: 37d52ebd1ea5b359c9c77bd827d5e2ca610ca7d772d9daaa6e6036c5c1dfc8f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d911be07df9575e6ff8ee22e2d0b17ff675f14efab87ebc41e06f37445336521
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8471D231B00615AFDB45DFF4C894A9FBBBABF59314B10056AE811DB691DB70E880EF90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,?,00000000), ref: 6E18B20F
                                                                                                                                                                                                                                          • PathFindExtensionW.SHLWAPI(?), ref: 6E18B229
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExtensionFileFindModuleNamePath
                                                                                                                                                                                                                                          • String ID: .CHM$.HLP$.INI
                                                                                                                                                                                                                                          • API String ID: 2295281026-4017452060
                                                                                                                                                                                                                                          • Opcode ID: 693a84ce98e8ab65ff8ef5965a7c52aa27c14befe2122272858bf3634e48368d
                                                                                                                                                                                                                                          • Instruction ID: 24a0a57b427d266e010639a0704f9cc289f71c9918a469c39d76e168673dfd68
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 693a84ce98e8ab65ff8ef5965a7c52aa27c14befe2122272858bf3634e48368d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD416EB9A00B099ADB24DFF4C944A9B73FDAF14304F104DAAE956D6644EB70E5C4DF20
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E15ADF0
                                                                                                                                                                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 6E15ADFF
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: UuidCreate.RPCRT4(?), ref: 6E15A6F2
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: UuidToStringW.RPCRT4(?,00000000), ref: 6E15A710
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: RpcStringFreeW.RPCRT4(00000000), ref: 6E15A735
                                                                                                                                                                                                                                            • Part of subcall function 6E15A6B0: _DebugHeapAllocator.LIBCPMTD ref: 6E15A74E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15AE3A
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15AE9C
                                                                                                                                                                                                                                            • Part of subcall function 6E156420: _DebugHeapAllocator.LIBCPMTD ref: 6E15642E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • {"ignoreFailure": false,"uiDisabled" : false,"uiHidden" : false,"uiUnSelected" : false}, xrefs: 6E15AE91
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeapProcessorVirtual$Concurrency::RootRoot::StringUuid$Base::Concurrency::details::ContextCreateFreeIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: {"ignoreFailure": false,"uiDisabled" : false,"uiHidden" : false,"uiUnSelected" : false}
                                                                                                                                                                                                                                          • API String ID: 1953270982-1462386811
                                                                                                                                                                                                                                          • Opcode ID: cb8933e8df3d0ec965acf30b02a8ed8c2b4da76258ca8684b8295d1f91aa7899
                                                                                                                                                                                                                                          • Instruction ID: fed29d610cd8435e1963846e4e892a8ca16b2c80e0719198397e9ae9e230bb73
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb8933e8df3d0ec965acf30b02a8ed8c2b4da76258ca8684b8295d1f91aa7899
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91510BB0915159DBDF08DFD8C9647EEBBB5BF41308F14489DC0222B382CB755A54DBA2
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17FCBD
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6E17FD3F
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 6E17FD49
                                                                                                                                                                                                                                            • Part of subcall function 6E155860: _DebugHeapAllocator.LIBCPMTD ref: 6E1558B5
                                                                                                                                                                                                                                            • Part of subcall function 6E17FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E17FFF6
                                                                                                                                                                                                                                            • Part of subcall function 6E17FF60: _DebugHeapAllocator.LIBCPMTD ref: 6E180030
                                                                                                                                                                                                                                            • Part of subcall function 6E17F9B0: wsprintfW.USER32 ref: 6E17F9CD
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$CloseHandleObjectSingleWaitwsprintf
                                                                                                                                                                                                                                          • String ID: cf$un_
                                                                                                                                                                                                                                          • API String ID: 525538401-3070460261
                                                                                                                                                                                                                                          • Opcode ID: 5fd329ec438713c3dcf1b0a98ba7af70b748d273182c4ef1ab43986f41b82061
                                                                                                                                                                                                                                          • Instruction ID: 3a107135f5370adf2bd72fe249dc051fb0fbcba43ce9fe9a5d3181e24d32b3fc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fd329ec438713c3dcf1b0a98ba7af70b748d273182c4ef1ab43986f41b82061
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC316FB1900605EBCF14DFE4D808BAB3BE9AB5EB08F70455AE435962C0DB7459C4EB92
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$char_traits
                                                                                                                                                                                                                                          • String ID: [json.exception.
                                                                                                                                                                                                                                          • API String ID: 1455298312-791563284
                                                                                                                                                                                                                                          • Opcode ID: a8f1c92a6fcba9306fa5758a24068d2b2b6e4ade2792a5c6920b1707d27474c2
                                                                                                                                                                                                                                          • Instruction ID: 16c741ae4d78311f82a01866e8d273f9bfac677f619457fa591b4af32768a8fb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8f1c92a6fcba9306fa5758a24068d2b2b6e4ade2792a5c6920b1707d27474c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FF411DB5D00248EFDF24CFE8C944BDEBBB8BB58604F10859DE419A7241EB349A84DF51
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E16155F
                                                                                                                                                                                                                                          • RegisterEventSourceW.ADVAPI32(00000000,SIB), ref: 6E161599
                                                                                                                                                                                                                                          • DeregisterEventSource.ADVAPI32(00000000), ref: 6E16162F
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EventSource$Base::Concurrency::details::ContextDeregisterIdentityQueueRegisterWorkstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: SIB
                                                                                                                                                                                                                                          • API String ID: 2106344010-684891403
                                                                                                                                                                                                                                          • Opcode ID: 0b571c690c4e69be357e6d99a3fcde1ab5aadde929ef40f0a6234bab70720488
                                                                                                                                                                                                                                          • Instruction ID: 43ba3041c3571eff51b0975866323b8a20fbab109c73abec93eb6793ccef7361
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b571c690c4e69be357e6d99a3fcde1ab5aadde929ef40f0a6234bab70720488
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE3160B0E00209DBDB00CFD5C904BEEBBB5FF05308F108529E529AB2C0DB749A98DB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E154034
                                                                                                                                                                                                                                            • Part of subcall function 6E151390: _DebugHeapAllocator.LIBCPMTD ref: 6E1513CB
                                                                                                                                                                                                                                            • Part of subcall function 6E151390: std::ios_base::good.LIBCPMTD ref: 6E1513E3
                                                                                                                                                                                                                                            • Part of subcall function 6E151390: _DebugHeapAllocator.LIBCPMTD ref: 6E151457
                                                                                                                                                                                                                                            • Part of subcall function 6E151390: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E1514A5
                                                                                                                                                                                                                                            • Part of subcall function 6E151390: _DebugHeapAllocator.LIBCPMTD ref: 6E1514AE
                                                                                                                                                                                                                                          • std::ios_base::good.LIBCPMTD ref: 6E15404F
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1540A1
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWorkstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: Action canceled: %s$cond_ca%d
                                                                                                                                                                                                                                          • API String ID: 1085074254-4002317772
                                                                                                                                                                                                                                          • Opcode ID: a5b879f4fde0a631b62410e81747b25106b4024bdd251cbf7dd184313b14c9af
                                                                                                                                                                                                                                          • Instruction ID: 4350ee1b88dab8a3372ab31bb613429c8e0947a85180506e95500abea53bfd5a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5b879f4fde0a631b62410e81747b25106b4024bdd251cbf7dd184313b14c9af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 763140B1D14209DFCB04DFE8D941AEEBBB8BB18318F50455DE421AB380DB356A94DBA1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\user\Desktop\Software_Tool.exe, xrefs: 6E1A8AC3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\Software_Tool.exe
                                                                                                                                                                                                                                          • API String ID: 0-1815485725
                                                                                                                                                                                                                                          • Opcode ID: c8dc94ec38e789552fd33911a17a0e97170cac07d2ed81687c22fae619104787
                                                                                                                                                                                                                                          • Instruction ID: e73cfc3583cf630c9e9413ee79b8fda367abcf786426642839942f27a399c334
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8dc94ec38e789552fd33911a17a0e97170cac07d2ed81687c22fae619104787
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C21BEB5618246AF9B10DFEDCC84DAB77ADFE013A87108A14EA5497190D730EC81A7A0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060C7
                                                                                                                                                                                                                                          • CharNextW.USER32(?,?,?,00000000), ref: 004060D6
                                                                                                                                                                                                                                          • CharNextW.USER32(?,004E30C8,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060DB
                                                                                                                                                                                                                                          • CharPrevW.USER32(?,?,004CF0A0,004E30C8,00000000,00403804,004E30C8,-00000002,00403A37), ref: 004060EF
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                                          • Opcode ID: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                          • Instruction ID: be175804d259169a812840791ea7ca7df426672d81dd27f3292f2fdf866f60ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45da571b5baffeb551c3f596f843ba1ccba930a874212f5238eaf5e1151c3a30
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E311C81188022159DB30FB698C4497776F8AE55750716843FE9CAF32C1E7BCDC9182BD
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B3A
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B46
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B52
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B61
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16702F
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16703B
                                                                                                                                                                                                                                          • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167050
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E167068
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: invalid_iterator
                                                                                                                                                                                                                                          • API String ID: 2520070614-2508626007
                                                                                                                                                                                                                                          • Opcode ID: 587739790d3bcf1ed6b2902a722024dd4a7eca04410d1519256793ee55883d92
                                                                                                                                                                                                                                          • Instruction ID: 5fe2e3516662fbe0bf8f91d25a6cdc77bbaa74b4283ef891f433f0460b243e8a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 587739790d3bcf1ed6b2902a722024dd4a7eca04410d1519256793ee55883d92
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8212A71D0424CEBCB04DFE8CC54BDEBBB8FB58714F108629E416AB280DB346A45DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B3A
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B46
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B52
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B61
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                          • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: out_of_range
                                                                                                                                                                                                                                          • API String ID: 2520070614-3053435996
                                                                                                                                                                                                                                          • Opcode ID: 97e4f304824bbec719d76d47c2685b485b20ffaeac0435bfd60d5466c73b7d01
                                                                                                                                                                                                                                          • Instruction ID: 7a9959609dd3ade3313683dec1a6612f685171054b24983bdc652417b93b3cb2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97e4f304824bbec719d76d47c2685b485b20ffaeac0435bfd60d5466c73b7d01
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8212A71D0424CEBCB04DFE8CC54BDEBBB8FB58714F108629E416AB280DB346A45DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B3A
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B46
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B52
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B61
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16738F
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16739B
                                                                                                                                                                                                                                          • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1673B0
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E1673C8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: other_error
                                                                                                                                                                                                                                          • API String ID: 2520070614-896093151
                                                                                                                                                                                                                                          • Opcode ID: 2f6f03c1037ad0c805555f870f95bc150fb0565d4b92faa149c9d8106de9ec74
                                                                                                                                                                                                                                          • Instruction ID: a18850edb471a71d721a789ff66a8f6cbfbb93918baff4546223a2bc9f5b7e25
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f6f03c1037ad0c805555f870f95bc150fb0565d4b92faa149c9d8106de9ec74
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D21197190424CEBCB04DFE8C854BDEBBB8FB58714F108629E416AB280DB346A45DB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B3A
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B46
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B52
                                                                                                                                                                                                                                            • Part of subcall function 6E166A40: task.LIBCPMTD ref: 6E166B61
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16716F
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16717B
                                                                                                                                                                                                                                          • Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167190
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E1671A8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error
                                                                                                                                                                                                                                          • String ID: type_error
                                                                                                                                                                                                                                          • API String ID: 2520070614-1406221190
                                                                                                                                                                                                                                          • Opcode ID: 9ebe4f89510ec6f65aec81bd5ba5735e72880120ef36e045bc5aafc8032bb3bf
                                                                                                                                                                                                                                          • Instruction ID: d452f324e06ec6b8ddddc3f3c6bb8f178939a589339c9e80d5d7d50ddce1c8df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9ebe4f89510ec6f65aec81bd5ba5735e72880120ef36e045bc5aafc8032bb3bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B212A71D0424CEBCB04DFE8CC54BDEBBB8FB58714F108629E416AB280DB346A45DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,6E194FEF,00000000,?,00000001,00000000,?,6E195066,00000001,FlsFree,6E1B976C,FlsFree,00000000), ref: 6E194FBE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(Advapi32.dll,00000000,00020019,00000000,00020019,00000000), ref: 6E158146
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 6E158165
                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(00020019,00000000,?,?,?,00000000,00020019,00000000,00020019,00000000), ref: 6E1581B4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressHandleModuleOpenProc
                                                                                                                                                                                                                                          • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,?,00000000,00000000,00000014,6E181199,?,000000FF,00000000,00000000,00000004,6E15C342), ref: 6E1815BB
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 6E1815CB
                                                                                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,00000000,6E15C342,00000004,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000014,6E181199), ref: 6E181614
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressCreateFileHandleModuleProc
                                                                                                                                                                                                                                          • String ID: CreateFileTransactedW$kernel32.dll
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,00000000,00000000,00000000), ref: 6E17EBA6
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,00000000), ref: 6E17EBC5
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EBBC
                                                                                                                                                                                                                                            • Part of subcall function 6E158FD0: _DebugHeapAllocator.LIBCPMTD ref: 6E158FDE
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EBF0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$FormatFreeLocalMessage
                                                                                                                                                                                                                                          • String ID: Unknown Windows Error
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E1A25A8,?,?,6E1A2570,?,?,?), ref: 6E1A260B
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6E1A261E
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,6E1A25A8,?,?,6E1A2570,?,?,?), ref: 6E1A2641
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 6E151997
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000), ref: 6E15199E
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000), ref: 6E1519B1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                          • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                          • API String ID: 4190356694-3789238822
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E1866FF
                                                                                                                                                                                                                                            • Part of subcall function 6E1880A9: SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6E1880E3
                                                                                                                                                                                                                                            • Part of subcall function 6E1880A9: SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6E18810D
                                                                                                                                                                                                                                            • Part of subcall function 6E1880A9: GetCapture.USER32 ref: 6E188123
                                                                                                                                                                                                                                            • Part of subcall function 6E1880A9: SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 6E188132
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 6E1867D8
                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 6E186815
                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,00000000,00000000), ref: 6E186828
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 6E186875
                                                                                                                                                                                                                                            • Part of subcall function 6E18424A: __EH_prolog3.LIBCMT ref: 6E184251
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageRectSend$ClientH_prolog3$AdjustCaptureMenuWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2126229686-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014D,00000000,00000000), ref: 6E17D31E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17D333
                                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?), ref: 6E17D35E
                                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 6E17D41C
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17D437
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$EnvironmentExpandFreeMessageSendStringStrings
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3215235362-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 004014BF
                                                                                                                                                                                                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014FB
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401504
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00401529
                                                                                                                                                                                                                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00401547
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __EH_prolog3.LIBCMT ref: 6E18162D
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002,00000008), ref: 6E181661
                                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000), ref: 6E18166B
                                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000), ref: 6E181672
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?), ref: 6E181696
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentProcess$DuplicateErrorH_prolog3HandleLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2082106130-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • TlsFree.KERNEL32(?,A4C33E3A,?,?,?,Function_000620C0,000000FF), ref: 6E18A5B2
                                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(00000000), ref: 6E18A5C1
                                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 6E18A5CA
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 6E18A5D1
                                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?,A4C33E3A,?,?,?,Function_000620C0,000000FF), ref: 6E18A5DB
                                                                                                                                                                                                                                            • Part of subcall function 6E18A838: EnterCriticalSection.KERNEL32(6E1CE860,6E1CE844,006E5160,6E1CE860), ref: 6E18A8B3
                                                                                                                                                                                                                                            • Part of subcall function 6E18A838: LeaveCriticalSection.KERNEL32(6E1CE860,?), ref: 6E18A8C6
                                                                                                                                                                                                                                            • Part of subcall function 6E18A838: LocalFree.KERNEL32(00000000), ref: 6E18A8CF
                                                                                                                                                                                                                                            • Part of subcall function 6E18A838: TlsSetValue.KERNEL32(?,00000000), ref: 6E18A8EB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1549993015-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB4AC
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB4BE
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB4D0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB4E2
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AB4F4
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?), ref: 004020A3
                                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 004020B0
                                                                                                                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 004020D1
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 004020DF
                                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 004020EE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop\Software_Tool.exe$p%d
                                                                                                                                                                                                                                          • API String ID: 0-2203908580
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16C742
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16716F
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16717B
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167190
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E1671A8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16C7C2
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16C7D1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • cannot use operator[] with a string argument with , xrefs: 6E16C774
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID: cannot use operator[] with a string argument with
                                                                                                                                                                                                                                          • API String ID: 865528258-2766135566
                                                                                                                                                                                                                                          • Opcode ID: 0bbfc791386048ee7ff7f45c5b62800af87f3f4f295ac7f8bc4bb01daf0907f6
                                                                                                                                                                                                                                          • Instruction ID: 8c5d8ace4d598006db41345af41f8248c6fe744b4e3090d923455507ecf29d63
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bbfc791386048ee7ff7f45c5b62800af87f3f4f295ac7f8bc4bb01daf0907f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F14128B5D00208DFDB14CFE4D890AEEF7B9FB58704F108669D415AB281EB746A85EB90
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: '$msiexec
                                                                                                                                                                                                                                          • API String ID: 2086788075-343622087
                                                                                                                                                                                                                                          • Opcode ID: 886b717daf59763e11ebcd3e591074aa0b623ed270d3aff3338302f6193ea6af
                                                                                                                                                                                                                                          • Instruction ID: d8551457c38b24b3b48501eaa084a570abd1f6bf4926b4037ddea8aeb09a5bcb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 886b717daf59763e11ebcd3e591074aa0b623ed270d3aff3338302f6193ea6af
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC410DB090020CEBCB04DFD4D894BDEBBB8AB14324F508659E4356B3D0DB346B95DB90
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401FE6
                                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401FFE
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                          • String ID: !
                                                                                                                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                          • Opcode ID: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                          • Instruction ID: 6a5c1514d43e21eed083d94b15ba6593763dc9af2b3e6337d8774d5f4809249f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e47ff439633ded3fb17ec5eecd0e1b6806a5c9fa211e2190a11df636c871b995
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 56217171900209BADF15AFB4D886ABE7BB9EF04349F10413EF602F60E2D6794A40D758
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: std::ios_base::good.LIBCPMTD ref: 6E1697C2
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E16984A
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E169859
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D2C
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D38
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D47
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D56
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D65
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D71
                                                                                                                                                                                                                                            • Part of subcall function 6E169B60: task.LIBCPMTD ref: 6E169C5C
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E773
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E791
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16E7A0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$std::ios_base::good
                                                                                                                                                                                                                                          • String ID: value
                                                                                                                                                                                                                                          • API String ID: 683101471-494360628
                                                                                                                                                                                                                                          • Opcode ID: 88a64d107e46b529026046df4e5647bef8a35a72122a9967ce969978e00ef68d
                                                                                                                                                                                                                                          • Instruction ID: c5a6a1714bffb288d84a8b38cb80478bbcb5ec0a9950ca632f5ab320ca23ef51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 88a64d107e46b529026046df4e5647bef8a35a72122a9967ce969978e00ef68d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF41467090526CABDB29CBA4CD64BEEB7B8AF58304F4085D9D049A7281DB301FD4EF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: std::ios_base::good.LIBCPMTD ref: 6E1697C2
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E16984A
                                                                                                                                                                                                                                            • Part of subcall function 6E169770: task.LIBCPMTD ref: 6E169859
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D2C
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D38
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D47
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D56
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D65
                                                                                                                                                                                                                                            • Part of subcall function 6E166BE0: task.LIBCPMTD ref: 6E166D71
                                                                                                                                                                                                                                            • Part of subcall function 6E169B60: task.LIBCPMTD ref: 6E169C5C
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D553
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D571
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16D580
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$std::ios_base::good
                                                                                                                                                                                                                                          • String ID: value
                                                                                                                                                                                                                                          • API String ID: 683101471-494360628
                                                                                                                                                                                                                                          • Opcode ID: 120a4dcfae8073fb95424da032e4f81a552c7e416dc470662e715646aad8a0f5
                                                                                                                                                                                                                                          • Instruction ID: 5b3caf4d1ba8c04272beca787996bff4ccb63f6e70901ce7dad70a4519f8ea62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 120a4dcfae8073fb95424da032e4f81a552c7e416dc470662e715646aad8a0f5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE41467090526CABDB29DBA4CD64BEEB7B8AF58304F4085D9D049A7281DB301FC4EF91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17FFF6
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E180030
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID: 8f$install
                                                                                                                                                                                                                                          • API String ID: 571936431-1066899472
                                                                                                                                                                                                                                          • Opcode ID: 25b34032b6c5c674f315f04fae37bf87201d24c410d3294069c54497b96997f4
                                                                                                                                                                                                                                          • Instruction ID: 0d823bb168e0976b5405b51785a82393cc5827baaafa01086a6de025adee3e67
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 25b34032b6c5c674f315f04fae37bf87201d24c410d3294069c54497b96997f4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 263181B1C04248EBCF10CFE8C5557DEBFF8AB1A714F208559E425A7381DB341A84DBA2
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E165B30: GetVersionExW.KERNEL32(00000114,?,?,A4C33E3A), ref: 6E165BAD
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1659E1
                                                                                                                                                                                                                                            • Part of subcall function 6E15C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E15C8F8
                                                                                                                                                                                                                                            • Part of subcall function 6E15C8C0: _DebugHeapAllocator.LIBCPMTD ref: 6E15C93A
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1659C6
                                                                                                                                                                                                                                            • Part of subcall function 6E15C990: _DebugHeapAllocator.LIBCPMTD ref: 6E15C99E
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueVersionWork
                                                                                                                                                                                                                                          • String ID: &el=$&t=event&ec=%s&ea=%s
                                                                                                                                                                                                                                          • API String ID: 4008444466-3400884953
                                                                                                                                                                                                                                          • Opcode ID: 9a67bc79ebd6979ae7339233780e2e4eee87d22014c8f2d4ff47040ca1c1455c
                                                                                                                                                                                                                                          • Instruction ID: 6e4eff98e51b20a99a72971b66b67688e4528306cb43a0b0da8596825be8f8d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a67bc79ebd6979ae7339233780e2e4eee87d22014c8f2d4ff47040ca1c1455c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E13173F1C04249EBCB04CFE4DC44AEFBB78AB14208F54895CE8259B381EB346754D791
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959), ref: 6E190696
                                                                                                                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959,?,?,?,6E1910B2,00000001), ref: 6E19069D
                                                                                                                                                                                                                                            • Part of subcall function 6E1905FA: GetProcessHeap.KERNEL32(?,?,?,6E1908DB,?,00000001,6E1910B2,?,?,6E190959,?,?,?,6E1910B2,00000001,?), ref: 6E19060B
                                                                                                                                                                                                                                            • Part of subcall function 6E1905FA: HeapAlloc.KERNEL32(00000000,?,6E1908DB,?,00000001,6E1910B2,?,?,6E190959,?,?,?,6E1910B2,00000001,?,74DEE010), ref: 6E190612
                                                                                                                                                                                                                                            • Part of subcall function 6E190736: GetProcessHeap.KERNEL32(00000000,?,?,6E1906C2,?,?,6E1910B2,?,6E1908BD,?,?,00000000,?,6E1910B2,?), ref: 6E19073E
                                                                                                                                                                                                                                            • Part of subcall function 6E190736: HeapSize.KERNEL32(00000000,?,6E1906C2,?,?,6E1910B2,?,6E1908BD,?,?,00000000,?,6E1910B2,?,?,6E190959), ref: 6E190745
                                                                                                                                                                                                                                          • _memcpy_s.LIBCMT ref: 6E1906E9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • c:\agent\_work\66\s\src\libs\dutil\memutil.cpp, xrefs: 6E19072A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Heap$Process$Alloc$Size_memcpy_s
                                                                                                                                                                                                                                          • String ID: c:\agent\_work\66\s\src\libs\dutil\memutil.cpp
                                                                                                                                                                                                                                          • API String ID: 1169258713-1758765531
                                                                                                                                                                                                                                          • Opcode ID: 474886d1c30f1a355f42c56be4f603b4200eebceeae03c1d7b3d67125fb02f1d
                                                                                                                                                                                                                                          • Instruction ID: fe7e75a205aff74a54221427cddfe2be341e10bf3821b17dd34e65325dfec909
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 474886d1c30f1a355f42c56be4f603b4200eebceeae03c1d7b3d67125fb02f1d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3113332501519AFCB068EF8CC9499F3A6EEF81734B118A14F9648B250F731CCE1BAE0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00451D98,%u.%u%s%s,?,00000000,00000000,?,FFFFFFDC,00000000,?,000000DF,00451D98,?), ref: 00404476
                                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00404483
                                                                                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00451D98,000000DF), ref: 00404496
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                          • Opcode ID: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                          • Instruction ID: 019992b557dc20c415266b5889428492ee6a52d86c3b4952972254649920ef77
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a810ffe09f2dc908503b2f58e47bd406bb4654f19e43ddd30bdf0acdc5011288
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC11527270021477CF10AA699D45F9E765EEBC5334F10423BF519F31E1D6388A158259
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ListMutex_baseMutex_base::~_std::_task
                                                                                                                                                                                                                                          • String ID: cannot get value
                                                                                                                                                                                                                                          • API String ID: 3357306528-2333289761
                                                                                                                                                                                                                                          • Opcode ID: 07c4b64d0fb9f25914abceac1e27a788959a9f9ed1d16794bae18b470a501d37
                                                                                                                                                                                                                                          • Instruction ID: c120d9e111e7568c5db89b88d6bd5d2360e1e1113e13a9d7f13389f857778966
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07c4b64d0fb9f25914abceac1e27a788959a9f9ed1d16794bae18b470a501d37
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5621B370E041489FCF14CBE8D860BEDB7B9EF09B18F10455AD822A7381DB345888EB61
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00401553: RegOpenKeyExW.ADVAPI32(?,00000000,00000022,00000000,?,?), ref: 0040158B
                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 0040282E
                                                                                                                                                                                                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040280E
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • DeleteRegKey: "%s\%s", xrefs: 00402843
                                                                                                                                                                                                                                          • DeleteRegValue: "%s\%s" "%s", xrefs: 00402820
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseDeleteOpenValuelstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: DeleteRegKey: "%s\%s"$DeleteRegValue: "%s\%s" "%s"
                                                                                                                                                                                                                                          • API String ID: 1697273262-1764544995
                                                                                                                                                                                                                                          • Opcode ID: f70a225c52dc94088ec55034452069e5f0159b4652b3b317631306071439071b
                                                                                                                                                                                                                                          • Instruction ID: 70287f52249eeba914cab3bee2f8f529b2cd5257afac1a85b0186071c419a2a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f70a225c52dc94088ec55034452069e5f0159b4652b3b317631306071439071b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2511E732E00200ABDB10FFA5DD4AABE3A64EF40354F10403FF50AB61D2D6798E50C6AD
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindFirstFileW.KERNELBASE(00461E18,00466A20,00461E18,004067FA,00461E18), ref: 0040630C
                                                                                                                                                                                                                                            • Part of subcall function 00406301: FindClose.KERNEL32(00000000), ref: 00406318
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32 ref: 004026B4
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 004026C1
                                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004026EC
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: lstrlen$FileFind$CloseFirstOperationwvsprintf
                                                                                                                                                                                                                                          • String ID: CopyFiles "%s"->"%s"
                                                                                                                                                                                                                                          • API String ID: 2577523808-3778932970
                                                                                                                                                                                                                                          • Opcode ID: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                                                                                                                                          • Instruction ID: 7c1d43f40acf3f33c375e3424532232737b5c7d4dc38a4161669d523a66d0fcf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76b1160061a8bcde82d673e25faa9719cd8acd17af1c4b15f649e1f749d05235
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A114F71D00214AADB10FFF6984699FBBBCAF44354B10843BA502F72D2E67989418759
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: lstrcatwsprintf
                                                                                                                                                                                                                                          • String ID: %02x%c$...
                                                                                                                                                                                                                                          • API String ID: 3065427908-1057055748
                                                                                                                                                                                                                                          • Opcode ID: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                          • Instruction ID: 9bf571533c0fd83e5fe1ff618cfd19ea7d9613251e6e948213dceada22d50e27
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e028bc25539a6ddd5d675d42839d030ce8218c39fe920002d96002040e934ce0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E201D272510219BFCB01DF98CC44A9EBBB9EF84714F20817AF806F3280D2799EA48794
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E18BA4E: EnterCriticalSection.KERNEL32(6E1CEA20,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BA7F
                                                                                                                                                                                                                                            • Part of subcall function 6E18BA4E: InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BA95
                                                                                                                                                                                                                                            • Part of subcall function 6E18BA4E: LeaveCriticalSection.KERNEL32(6E1CEA20,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BAA3
                                                                                                                                                                                                                                            • Part of subcall function 6E18BA4E: EnterCriticalSection.KERNEL32(00000000,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2,6E158A38), ref: 6E18BAB0
                                                                                                                                                                                                                                            • Part of subcall function 6E18A9CE: __EH_prolog3_catch.LIBCMT ref: 6E18A9D5
                                                                                                                                                                                                                                            • Part of subcall function 6E185997: GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6E1859BD
                                                                                                                                                                                                                                            • Part of subcall function 6E185997: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 6E1859CD
                                                                                                                                                                                                                                            • Part of subcall function 6E185997: EncodePointer.KERNEL32(00000000,?,00000000), ref: 6E1859D6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpW), ref: 6E184FBA
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,Function_00030A4D), ref: 6E184FCA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$AddressEnterProc$EncodeFreeH_prolog3_catchHandleInitializeLeaveLibraryModulePointer
                                                                                                                                                                                                                                          • String ID: HtmlHelpW$hhctrl.ocx
                                                                                                                                                                                                                                          • API String ID: 849444252-3773518134
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00406035: lstrcpynW.KERNEL32(?,?,00002004,0040391D,00476AA0,NSIS Error), ref: 00406042
                                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,00000000), ref: 0040278C
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: PrivateProfileStringWritelstrcpyn
                                                                                                                                                                                                                                          • String ID: <RM>$WriteINIStr: wrote [%s] %s=%s in %s$install
                                                                                                                                                                                                                                          • API String ID: 247603264-573752738
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00405083
                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                          • OleUninitialize.OLE32(00000404,00000000), ref: 004050D1
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeMessageSendUninitializelstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: Section: "%s"$Skipping section: "%s"
                                                                                                                                                                                                                                          • API String ID: 2266616436-4211696005
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?), ref: 6E18C4F6
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetFileAttributesTransactedW), ref: 6E18C506
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                          • String ID: GetFileAttributesTransactedW$kernel32.dll
                                                                                                                                                                                                                                          • API String ID: 1646373207-1378992308
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _strrchr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3213747228-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E17EDAE
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 571936431-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AE4E6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1AE50F
                                                                                                                                                                                                                                          • SetEndOfFile.KERNEL32(00000000,6E1AC606,00000000,6E1AC80F,?,?,?,?,?,?,?,6E1AC606,6E1AC80F,00000000), ref: 6E1AE541
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,6E1AC606,6E1AC80F,00000000,?,?,?,?,00000000), ref: 6E1AE55D
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1547350101-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E18A318: GetWindowLongW.USER32(?,000000F0), ref: 6E18A325
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 6E1867D8
                                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 6E186815
                                                                                                                                                                                                                                          • AdjustWindowRectEx.USER32(?,00000000,00000000), ref: 6E186828
                                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 6E186875
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Rect$ClientWindow$AdjustLongMenu
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3435883281-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E19ED5D: _free.LIBCMT ref: 6E19ED6B
                                                                                                                                                                                                                                            • Part of subcall function 6E1A6B65: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,6E1ADC1C,?,00000000,00000000), ref: 6E1A6C07
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6E1A8492
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1A8499
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E1A84D8
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E1A84DF
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 167067550-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B830
                                                                                                                                                                                                                                            • Part of subcall function 6E15C970: _DebugHeapAllocator.LIBCPMTD ref: 6E15C97E
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E15B885
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 571936431-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,6E196340,00000000,6E15CB2E,?,?,6E19F469,?,?,?,?,6E15CB2E,00000000,00000000), ref: 6E1A36D1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A372E
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A3764
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000008,000000FF,?,?,6E19F469,?,?,?,?,6E15CB2E,00000000,00000000,?,?,00000000), ref: 6E1A376F
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2283115069-0
APIs
• SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6E1880E3
• SendMessageW.USER32(?,0000001F,00000000,00000000), ref: 6E18810D
• GetCapture.USER32 ref: 6E188123
• SendMessageW.USER32(00000000,0000001F,00000000,00000000), ref: 6E188132
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: MessageSend$Capture
• String ID:
• API String ID: 1665607226-0
APIs
• std::bad_exception::bad_exception.LIBCMTD ref: 6E1692FF
• std::bad_exception::bad_exception.LIBCMTD ref: 6E169319
• std::bad_exception::bad_exception.LIBCMTD ref: 6E169333
• std::bad_exception::bad_exception.LIBCMTD ref: 6E16934D
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: std::bad_exception::bad_exception
• String ID:
• API String ID: 2160870905-0
APIs
• std::bad_exception::bad_exception.LIBCMTD ref: 6E16917F
• std::bad_exception::bad_exception.LIBCMTD ref: 6E169199
• std::bad_exception::bad_exception.LIBCMTD ref: 6E1691B3
• std::bad_exception::bad_exception.LIBCMTD ref: 6E1691CD
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: std::bad_exception::bad_exception
• String ID:
• API String ID: 2160870905-0
APIs
• BeginDeferWindowPos.USER32(00000000), ref: 6E18EB07
• IsWindow.USER32(?), ref: 6E18EB22
• DeferWindowPos.USER32(00000000,00000000,00000000,?,?,?,?,00000000), ref: 6E18EB72
• EndDeferWindowPos.USER32(00000000), ref: 6E18EB7D
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: Window$Defer$Begin
• String ID:
• API String ID: 2880567340-0
APIs
• std::ios_base::good.LIBCPMTD ref: 6E160FAB
• ExpandEnvironmentStringsW.KERNEL32(00000000,00000000,00000104,00000104,?,A4C33E3A,?,6E154BB0,?), ref: 6E160FF8
• _DebugHeapAllocator.LIBCPMTD ref: 6E161013
• Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E161022
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: AllocatorBase::Concurrency::details::ContextDebugEnvironmentExpandHeapIdentityQueueStringsWorkstd::ios_base::good
• String ID:
• API String ID: 1751677490-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnableMenuItem.USER32(?,?,?), ref: 6E18DE63
                                                                                                                                                                                                                                          • GetFocus.USER32 ref: 6E18DE7D
                                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 6E18DE88
                                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000028,00000000,00000000), ref: 6E18DE9D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EnableFocusItemMenuMessageParentSend
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2297321873-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00402100
                                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000), ref: 00402107
                                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00402117
                                                                                                                                                                                                                                            • Part of subcall function 00406831: GetVersion.KERNEL32(00445D80,?,00000000,00404FD5,00445D80,00000000,00425AD2,74DF23A0,00000000), ref: 00406902
                                                                                                                                                                                                                                          • CreateFontIndirectW.GDI32(00420110), ref: 0040216A
                                                                                                                                                                                                                                            • Part of subcall function 00405F7D: wsprintfW.USER32 ref: 00405F8A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectVersionwsprintf
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1599320355-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 6E1864A1
                                                                                                                                                                                                                                          • GetTopWindow.USER32(00000000), ref: 6E1864AE
                                                                                                                                                                                                                                            • Part of subcall function 6E186497: GetWindow.USER32(00000000,00000002), ref: 6E1864FD
                                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 6E1864E2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$Item
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 369458955-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 6E16656E
                                                                                                                                                                                                                                          • DestroyWindow.USER32(6E1B5220), ref: 6E16658D
                                                                                                                                                                                                                                          • DestroyWindow.USER32(FFFC45C7), ref: 6E1665AD
                                                                                                                                                                                                                                          • DestroyWindow.USER32(8DFFFFFF), ref: 6E1665CD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: DestroyWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3375834691-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetFullPathNameW.KERNEL32(?,?,?,00000000,6E19ED19,00000000,?,6E1A69CB,00000104,00000104,6E19ED19,?,?,?,00000104,00000001), ref: 6E19EC16
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E1A69CB,00000104,00000104,6E19ED19,?,?,?,00000104,00000001,00000000,00000000,?,6E19ED19,00000104,00000104), ref: 6E19EC20
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6E19EC27
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2398240785-0
                                                                                                                                                                                                                                          • Opcode ID: 4a6654063fdd4a924d6880be75155410efd79ebe12f36f8c66e3167abd545cad
                                                                                                                                                                                                                                          • Instruction ID: f0a37c221ca53fa891b44f7dca003126739c201bb951ef3b66f8a2ff891cd54e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a6654063fdd4a924d6880be75155410efd79ebe12f36f8c66e3167abd545cad
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CF06D32200516BB9F105BEAC848C87BFAAFF456A03108911F558D7110C731FA91FBE0
APIs
• GetFullPathNameW.KERNEL32(?,?,?,00000000,6E19ED19,00000000,?,6E1A6A40,00000104,00000104,?,?,?,00000104,00000001,00000000), ref: 6E19EBAD
• GetLastError.KERNEL32(?,6E1A6A40,00000104,00000104,?,?,?,00000104,00000001,00000000,00000000,?,6E19ED19,00000104,00000104), ref: 6E19EBB7
• __dosmaperr.LIBCMT ref: 6E19EBBE
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: ErrorFullLastNamePath__dosmaperr
• String ID:
• API String ID: 2398240785-0
• Opcode ID: 03f3df597aa272acfafd7c780404fd06efcb673e0afe4a36840cb48678d4141b
• Instruction ID: a8c365844f49fa0a72fe105c6bbc52d65c9ffca75aeca66526fa0489bb211582
• Opcode Fuzzy Hash: 03f3df597aa272acfafd7c780404fd06efcb673e0afe4a36840cb48678d4141b
• Instruction Fuzzy Hash: 8AF08132604526BBDF106FE6C808D46BFAAFF452A03158912F51BC7110C731E9A0FBE0
APIs
  • Part of subcall function 00406EFE: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00406F22
• lstrcpynW.KERNEL32(?,?,00000009), ref: 00407265
• lstrcmpW.KERNEL32(?,Version ), ref: 00407276
• lstrcpynW.KERNEL32(?,?,?), ref: 0040728D
Strings
Memory Dump Source
• Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
Similarity
• API ID: lstrcpyn$CreateFilelstrcmp
• String ID: Version
• API String ID: 512980652-315105994
• Opcode ID: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction ID: f6016284c167eb8c93e4c4d2cd91337f160ffdcdaea293fd9af5b6974d265005
• Opcode Fuzzy Hash: e08784de301d9fe6ca80962c3bdf8726d1c794b972164068317a4e691a2db981
• Instruction Fuzzy Hash: 74F08172A0021CBBDF109BA5DD45EEA777CAB44700F000076F600F6191E2B5AE148BA1
APIs
Memory Dump Source
• Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
• Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: a6a185291384b686336d3085a1848a9e32f44bf4e2219fc198cd755abbf3a000
• Instruction ID: 0737de67c1eca3b3d4fffcfd60fb80487b8f4f3735cd9dfb7c16635270d4df48
• Opcode Fuzzy Hash: a6a185291384b686336d3085a1848a9e32f44bf4e2219fc198cd755abbf3a000
• Instruction Fuzzy Hash: 1BF0E27200161AFFCF425F90EC18ACF3B2AAF1A792F408011FA1554060C7368AA1FFA1
APIs
• DestroyWindow.USER32(00000000,00000000,0040372F,00000001,?,?,?,00000000,00403A73,?), ref: 004032E5
• GetTickCount.KERNEL32 ref: 00403303
• CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
• ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A73,?), ref: 0040332E
Memory Dump Source
• Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.4189924109.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190216933.0000000000409000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000040C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.0000000000420000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190309996.000000000046B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.4190573690.0000000000534000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
Similarity
• API ID: Window$CountCreateDestroyDialogParamShowTick
• String ID:
• API String ID: 2102729457-0
• Opcode ID: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
• Instruction ID: 7080548a0c715e844c944b711630a30770084a0de0adb1936a850f0acfbe0ad2
• Opcode Fuzzy Hash: 20fc2252fa4e8cade60f22cfb8dff2eb59aca0eba7377cdae62c8c9885b14618
• Instruction Fuzzy Hash: 76F05E30541220BBC620AF24FD89AAF7F68B705B1274008BAF405B11A6C7384D92CFDC
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00002004,00000000,?,?,00402449,?,?,?,00000008,00000001,000000F0), ref: 0040639C
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00002004,00000000,00000000,?,?,00402449,?,?,?,00000008,00000001), ref: 004063B2
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,00000000), ref: 004063C1
                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004063CA
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Global$AddressAllocByteCharFreeMultiProcWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2883127279-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(?,?,6E1A53B5,00000000,?,?,6E1ACB50,?,00000001,?,00000001,?,6E1A5E59,00000000,00000000,00000001), ref: 6E1AE5F2
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6E1ACB50,?,00000001,?,00000001,?,6E1A5E59,00000000,00000000,00000001,00000000,00000001,?,6E1A63AD,6E1A5344), ref: 6E1AE5FE
                                                                                                                                                                                                                                            • Part of subcall function 6E1AE5C4: CloseHandle.KERNEL32(FFFFFFFE,6E1AE60E,?,6E1ACB50,?,00000001,?,00000001,?,6E1A5E59,00000000,00000000,00000001,00000000,00000001), ref: 6E1AE5D4
                                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 6E1AE60E
                                                                                                                                                                                                                                            • Part of subcall function 6E1AE586: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6E1AE5B5,6E1ACB3D,00000001,?,6E1A5E59,00000000,00000000,00000001,00000000), ref: 6E1AE599
                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(?,?,6E1A53B5,00000000,?,6E1ACB50,?,00000001,?,00000001,?,6E1A5E59,00000000,00000000,00000001,00000000), ref: 6E1AE623
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000), ref: 6E1665FF
                                                                                                                                                                                                                                          • ShowWindow.USER32(8DFFFFFF,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16660E
                                                                                                                                                                                                                                          • ShowWindow.USER32(F9E8CC4D,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16661D
                                                                                                                                                                                                                                          • ShowWindow.USER32(8BFFFFE7,00000000,?,6E17CBB8,00000000,00000000,A4C33E3A,?,?,?,?,?,?,?,00000000,6E1B341D), ref: 6E16662C
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A3029
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: HeapFree.KERNEL32(00000000,00000000,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?), ref: 6E1A3934
                                                                                                                                                                                                                                            • Part of subcall function 6E1A391E: GetLastError.KERNEL32(?,?,6E1AB527,?,00000000,?,?,?,6E1AB54E,?,00000007,?,?,6E1A9B53,?,?), ref: 6E1A3946
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A303C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A304D
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6E1A305E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __aulldvrm
                                                                                                                                                                                                                                          • String ID: +$-
                                                                                                                                                                                                                                          • API String ID: 1302938615-2137968064
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E167F00: task.LIBCPMTD ref: 6E167F6A
                                                                                                                                                                                                                                            • Part of subcall function 6E167F00: Concurrency::task_options::get_scheduler.LIBCPMTD ref: 6E167F83
                                                                                                                                                                                                                                            • Part of subcall function 6E168080: swap.LIBCPMTD ref: 6E168099
                                                                                                                                                                                                                                            • Part of subcall function 6E16C6A0: task.LIBCPMTD ref: 6E16C742
                                                                                                                                                                                                                                            • Part of subcall function 6E16C820: task.LIBCPMTD ref: 6E16C890
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E167839
                                                                                                                                                                                                                                            • Part of subcall function 6E156420: _DebugHeapAllocator.LIBCPMTD ref: 6E15642E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E167845
                                                                                                                                                                                                                                            • Part of subcall function 6E158FF0: _DebugHeapAllocator.LIBCPMTD ref: 6E159045
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$AllocatorDebugHeap$Base::Concurrency::details::Concurrency::task_options::get_schedulerContextIdentityQueueWorkswap
                                                                                                                                                                                                                                          • String ID: ((e
                                                                                                                                                                                                                                          • API String ID: 380132305-2845504823
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E19459B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1718A0: std::ios_base::good.LIBCPMTD ref: 6E1718AC
                                                                                                                                                                                                                                            • Part of subcall function 6E1718A0: Concurrency::cancel_current_task.LIBCPMT ref: 6E1718B8
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E170717
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E170726
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • excessive object size: , xrefs: 6E1706CF
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::cancel_current_taskConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUserstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: excessive object size:
                                                                                                                                                                                                                                          • API String ID: 276634084-3718820671
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1718A0: std::ios_base::good.LIBCPMTD ref: 6E1718AC
                                                                                                                                                                                                                                            • Part of subcall function 6E1718A0: Concurrency::cancel_current_task.LIBCPMT ref: 6E1718B8
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E170357
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E170366
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::cancel_current_taskConcurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUserstd::ios_base::good
                                                                                                                                                                                                                                          • String ID: excessive array size:
                                                                                                                                                                                                                                          • API String ID: 276634084-2345381964
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _fwprintf.LIBCONCRTD ref: 6E151779
                                                                                                                                                                                                                                          • _fwprintf.LIBCONCRTD ref: 6E1517C2
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _fwprintf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: %d.%d.%d.%d
                                                                                                                                                                                                                                          • API String ID: 3002235032-3491811756
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160894
                                                                                                                                                                                                                                            • Part of subcall function 6E155C30: _DebugHeapAllocator.LIBCPMTD ref: 6E155C67
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E160939
                                                                                                                                                                                                                                            • Part of subcall function 6E155840: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 6E15584A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: %s\%s
                                                                                                                                                                                                                                          • API String ID: 1698587239-4073750446
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16FF0E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E16FF1D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID: excessive array size:
                                                                                                                                                                                                                                          • API String ID: 865528258-2345381964
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16727F
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E16728B
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E1672A0
                                                                                                                                                                                                                                            • Part of subcall function 6E167200: task.LIBCPMTD ref: 6E1672B8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E17004E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E17005D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • excessive object size: , xrefs: 6E170006
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID: excessive object size:
                                                                                                                                                                                                                                          • API String ID: 865528258-3718820671
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16716F
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E16717B
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error.LIBCMTD ref: 6E167190
                                                                                                                                                                                                                                            • Part of subcall function 6E1670F0: task.LIBCPMTD ref: 6E1671A8
                                                                                                                                                                                                                                            • Part of subcall function 6E192DFE: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,?,?,?,8007000E), ref: 6E192E5E
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E178DC8
                                                                                                                                                                                                                                          • task.LIBCPMTD ref: 6E178DD7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • type must be string, but is , xrefs: 6E178D80
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: task$Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_errorDispatcherExceptionUser
                                                                                                                                                                                                                                          • String ID: type must be string, but is
                                                                                                                                                                                                                                          • API String ID: 865528258-1861512233
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 6E1543B6
                                                                                                                                                                                                                                            • Part of subcall function 6E155860: _DebugHeapAllocator.LIBCPMTD ref: 6E1558B5
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocatorDebugHeap
                                                                                                                                                                                                                                          • String ID: ca%d$ignoreFailure
                                                                                                                                                                                                                                          • API String ID: 571936431-755966023
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0040492E
                                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,00000200,?,?), ref: 0040499C
                                                                                                                                                                                                                                            • Part of subcall function 00403DDB: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DED
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(00445D80,00425AD2,74DF23A0,00000000), ref: 00404FD6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrlenW.KERNEL32(004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FE6
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: lstrcatW.KERNEL32(00445D80,004034E5,004034E5,00445D80,00425AD2,74DF23A0,00000000), ref: 00404FF9
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SetWindowTextW.USER32(00445D80,00445D80), ref: 0040500B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405031
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040504B
                                                                                                                                                                                                                                            • Part of subcall function 00404F9E: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405059
                                                                                                                                                                                                                                          • ShellExecuteW.SHELL32(?,00000000,00000000,00000000,004D70B0,?), ref: 00402202
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • ExecShell: success ("%s": file:"%s" params:"%s"), xrefs: 00402226
                                                                                                                                                                                                                                          • ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d, xrefs: 00402211
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: MessageSendlstrlen$ExecuteShellTextWindowlstrcatwvsprintf
                                                                                                                                                                                                                                          • String ID: ExecShell: success ("%s": file:"%s" params:"%s")$ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
                                                                                                                                                                                                                                          • API String ID: 3156913733-2180253247
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 6E15167F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Base::Concurrency::details::ContextIdentityQueueWork
                                                                                                                                                                                                                                          • String ID: ftp$http
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000000), ref: 0040219F
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                            • Part of subcall function 004062CF: wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 004021AA
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Window$EnableShowlstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: HideWindow
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32(00000000,00000000,?,?,00002003,00000000), ref: 004027CD
                                                                                                                                                                                                                                          • lstrcmpW.KERNEL32(?,?,?,00002003,00000000,000000DD,00000012,00000001), ref: 004027D8
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: PrivateProfileStringlstrcmp
                                                                                                                                                                                                                                          • String ID: !N~
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00461DD0,Error launching installer), ref: 00405C90
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405C9D
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Error launching installer, xrefs: 00405C74
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • lstrlenW.KERNEL32(File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll",00406EA5,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062DC
                                                                                                                                                                                                                                          • wvsprintfW.USER32(00000000,?,?), ref: 004062F3
                                                                                                                                                                                                                                            • Part of subcall function 00406113: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,00406300,00000000), ref: 0040612A
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll", xrefs: 004062D1, 004062D6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseHandlelstrlenwvsprintf
                                                                                                                                                                                                                                          • String ID: File: wrote 540456 to "C:\Users\user\AppData\Local\Temp\nskCC03.tmp\Sibuia.dll"
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CommandLine
                                                                                                                                                                                                                                          • String ID: p%d
                                                                                                                                                                                                                                          • API String ID: 3253501508-161268964
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,00000000,?,0000FDE9,?,?,?,?,?,00000000,?,?,6E1679B9,00000000), ref: 6E1684EA
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0000FDE9,?,?,?,?,?,00000000,?), ref: 6E168510
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,00000000,00000000,00000000,?,0000FDE9,?,?,?,?,?,00000000,?), ref: 6E16852D
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,00000000,00000000,?,0000FDE9,?,?,?,0000FDE9,?,?,?,?,?,00000000), ref: 6E16856A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1717984340-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6E1CE860,6E1CE844,006E5160,6E1CE860), ref: 6E18A8B3
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6E1CE860,?), ref: 6E18A8C6
                                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000), ref: 6E18A8CF
                                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 6E18A8EB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2949335588-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,?,00000000,00406BFF,00000000,[Rename]), ref: 00405DF2
                                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,?), ref: 00405E0A
                                                                                                                                                                                                                                          • CharNextA.USER32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E1B
                                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000,00406BFF,00000000,[Rename]), ref: 00405E24
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4190082739.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6E1CEA20,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BA7F
                                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BA95
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6E1CEA20,?,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18BAA3
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2,6E158A38), ref: 6E18BAB0
                                                                                                                                                                                                                                            • Part of subcall function 6E18B9E5: InitializeCriticalSection.KERNEL32(6E1CEA20,6E18BA69,?,?,?,6E18A9E8,00000010,00000008,6E18B097,6E18B0D4,6E180A4D,6E180C09,6E156BFC,6E1589D2,?,6E1589D2), ref: 6E18B9FD
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 713024617-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(6E1CE860,?,?,?,?,6E18AACB,00000000,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18AADB
                                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(6E1CE844,?,?,?,?,6E18AACB,00000000,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18AAEF
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6E1CE860,?,?,?,?,6E18AACB,00000000,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18AB09
                                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(6E1CE860,?,?,?,?,6E18AACB,00000000,00000004,6E18B07D,6E180A4D,6E180C09,6E156BFC,6E1589D2), ref: 6E18AB14
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000000.00000002.4208133836.000000006E151000.00000020.00000001.01000000.00000004.sdmp, Offset: 6E150000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208026988.000000006E150000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208254689.000000006E1B5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208338965.000000006E1CB000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208393947.000000006E1CE000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          • Associated: 00000000.00000002.4208475120.000000006E1D0000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_6e150000_Software_Tool.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3969253408-0
                                                                                                                                                                                                                                          • Opcode ID: dfd8a22c87b7bae296363a81bae583cad1f923d4f25fdb6f2ffaff5a187fb34d
                                                                                                                                                                                                                                          • Instruction ID: f41c52d5d315d9fc193ecafe1f869adcc6377095dfe999f0b817ae1ec4f29e2b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfd8a22c87b7bae296363a81bae583cad1f923d4f25fdb6f2ffaff5a187fb34d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FBF0B432704A19AFDBE0AF95C884D4BB76FFE553A03118025E811A7141D770FC81AFE0

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:6.4%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                          Total number of Nodes:2000
                                                                                                                                                                                                                                          Total number of Limit Nodes:113
13809->13651 13811 6cb05551 _Yarn 15 API calls 13811->13812 13812->13806 13814 6cb052e2 std::_Lockit::_Lockit 7 API calls 13813->13814 13815 6cb05a85 13814->13815 13816 6cb0533a std::_Lockit::~_Lockit 2 API calls 13815->13816 13817 6cb05ac3 13816->13817 13817->13655 13818->13779 13829 6cb0ca17 13819->13829 13827 6cb1163a _free 13822->13827 13823 6cb11678 13840 6cb0c2b2 13823->13840 13825 6cb11663 HeapAlloc 13826 6cb11676 13825->13826 13825->13827 13826->13770 13827->13823 13827->13825 13828 6cb0c9ea std::_Facet_Register 2 API calls 13827->13828 13828->13827 13830 6cb0ca23 CallCatchBlock 13829->13830 13835 6cb0b7ed EnterCriticalSection 13830->13835 13832 6cb0ca2e 13836 6cb0ca6a 13832->13836 13835->13832 13839 6cb0b835 LeaveCriticalSection 13836->13839 13838 6cb0c9f5 13838->13770 13839->13838 13843 6cb0e543 GetLastError 13840->13843 13842 6cb0c2b7 13842->13826 13844 6cb0e560 13843->13844 13845 6cb0e55a 13843->13845 13864 6cb0e566 SetLastError 13844->13864 13871 6cb0eb65 13844->13871 13866 6cb0eb26 13845->13866 13852 6cb0e596 13854 6cb0eb65 _free 6 API calls 13852->13854 13853 6cb0e5ad 13855 6cb0eb65 _free 6 API calls 13853->13855 13856 6cb0e5a4 13854->13856 13857 6cb0e5b9 13855->13857 13883 6cb0e63e 13856->13883 13858 6cb0e5bd 13857->13858 13859 6cb0e5ce 13857->13859 13860 6cb0eb65 _free 6 API calls 13858->13860 13889 6cb0e1ee 13859->13889 13860->13856 13864->13842 13865 6cb0e63e _free 12 API calls 13865->13864 13894 6cb0e972 13866->13894 13868 6cb0eb42 13869 6cb0eb4b 13868->13869 13870 6cb0eb5d TlsGetValue 13868->13870 13869->13844 13872 6cb0e972 std::_Lockit::_Lockit 5 API calls 13871->13872 13873 6cb0eb81 13872->13873 13874 6cb0e57e 13873->13874 13875 6cb0eb9f TlsSetValue 13873->13875 13874->13864 13876 6cb0e678 13874->13876 13881 6cb0e685 _free 13876->13881 13877 6cb0e6c5 13879 6cb0c2b2 _free 13 API calls 13877->13879 13878 6cb0e6b0 HeapAlloc 13880 6cb0e58e 13878->13880 13878->13881 13879->13880 13880->13852 13880->13853 13881->13877 13881->13878 13882 6cb0c9ea 
std::_Facet_Register 2 API calls 13881->13882 13882->13881 13884 6cb0e649 HeapFree 13883->13884 13888 6cb0e672 _free 13883->13888 13885 6cb0e65e 13884->13885 13884->13888 13886 6cb0c2b2 _free 12 API calls 13885->13886 13887 6cb0e664 GetLastError 13886->13887 13887->13888 13888->13864 13907 6cb0e082 13889->13907 13895 6cb0e9a0 13894->13895 13899 6cb0e99c std::_Lockit::_Lockit 13894->13899 13895->13899 13900 6cb0e8ab 13895->13900 13898 6cb0e9ba GetProcAddress 13898->13899 13899->13868 13905 6cb0e8bc 13900->13905 13901 6cb0e967 13901->13898 13901->13899 13902 6cb0e8da LoadLibraryExW 13903 6cb0e8f5 GetLastError 13902->13903 13902->13905 13903->13905 13904 6cb0e950 FreeLibrary 13904->13905 13905->13901 13905->13902 13905->13904 13906 6cb0e928 LoadLibraryExW 13905->13906 13906->13905 13908 6cb0e08e CallCatchBlock 13907->13908 13921 6cb0b7ed EnterCriticalSection 13908->13921 13910 6cb0e098 13922 6cb0e0c8 13910->13922 13913 6cb0e194 13914 6cb0e1a0 CallCatchBlock 13913->13914 13926 6cb0b7ed EnterCriticalSection 13914->13926 13916 6cb0e1aa 13927 6cb0e375 13916->13927 13918 6cb0e1c2 13931 6cb0e1e2 13918->13931 13921->13910 13925 6cb0b835 LeaveCriticalSection 13922->13925 13924 6cb0e0b6 13924->13913 13925->13924 13926->13916 13928 6cb0e3ab __Getctype 13927->13928 13929 6cb0e384 __Getctype 13927->13929 13928->13918 13929->13928 13934 6cb176c8 13929->13934 14008 6cb0b835 LeaveCriticalSection 13931->14008 13933 6cb0e1d0 13933->13865 13936 6cb17748 13934->13936 13937 6cb176de 13934->13937 13938 6cb0e63e _free 14 API calls 13936->13938 13961 6cb17796 13936->13961 13937->13936 13942 6cb0e63e _free 14 API calls 13937->13942 13956 6cb17711 13937->13956 13939 6cb1776a 13938->13939 13940 6cb0e63e _free 14 API calls 13939->13940 13943 6cb1777d 13940->13943 13941 6cb0e63e _free 14 API calls 13944 6cb1773d 13941->13944 13946 6cb17706 13942->13946 13948 6cb0e63e _free 14 API calls 13943->13948 13949 6cb0e63e _free 14 API calls 13944->13949 13945 6cb17804 13950 6cb0e63e _free 14 API calls 
13945->13950 13962 6cb18233 13946->13962 13947 6cb0e63e _free 14 API calls 13952 6cb17728 13947->13952 13953 6cb1778b 13948->13953 13949->13936 13954 6cb1780a 13950->13954 13990 6cb186e7 13952->13990 13958 6cb0e63e _free 14 API calls 13953->13958 13954->13928 13955 6cb177a4 13955->13945 13959 6cb0e63e 14 API calls _free 13955->13959 13956->13947 13960 6cb17733 13956->13960 13958->13961 13959->13955 13960->13941 14002 6cb17839 13961->14002 13963 6cb18244 13962->13963 13964 6cb1832d 13962->13964 13965 6cb18255 13963->13965 13966 6cb0e63e _free 14 API calls 13963->13966 13964->13956 13967 6cb18267 13965->13967 13968 6cb0e63e _free 14 API calls 13965->13968 13966->13965 13969 6cb18279 13967->13969 13970 6cb0e63e _free 14 API calls 13967->13970 13968->13967 13971 6cb1828b 13969->13971 13973 6cb0e63e _free 14 API calls 13969->13973 13970->13969 13972 6cb1829d 13971->13972 13974 6cb0e63e _free 14 API calls 13971->13974 13975 6cb182af 13972->13975 13976 6cb0e63e _free 14 API calls 13972->13976 13973->13971 13974->13972 13977 6cb182c1 13975->13977 13978 6cb0e63e _free 14 API calls 13975->13978 13976->13975 13978->13977 13991 6cb186f4 13990->13991 13992 6cb1874c 13990->13992 13993 6cb18704 13991->13993 13994 6cb0e63e _free 14 API calls 13991->13994 13992->13960 13995 6cb18716 13993->13995 13996 6cb0e63e _free 14 API calls 13993->13996 13994->13993 13997 6cb18728 13995->13997 13998 6cb0e63e _free 14 API calls 13995->13998 13996->13995 13999 6cb1873a 13997->13999 14000 6cb0e63e _free 14 API calls 13997->14000 13998->13997 13999->13992 14001 6cb0e63e _free 14 API calls 13999->14001 14000->13999 14001->13992 14003 6cb17865 14002->14003 14004 6cb17846 14002->14004 14003->13955 14004->14003 14005 6cb18c12 __Getctype 14 API calls 14004->14005 14006 6cb1785f 14005->14006 14007 6cb0e63e _free 14 API calls 14006->14007 14007->14003 14008->13933 14010 6cb052f1 14009->14010 14011 6cb052f8 14009->14011 14063 6cb0b84c 14010->14063 14014 6cb01208 14011->14014 14068 6cb05ca4 
EnterCriticalSection 14011->14068 14014->13785 14014->13788 14016 6cb05344 14015->14016 14017 6cb0b85a 14015->14017 14021 6cb05357 14016->14021 14120 6cb05cb2 LeaveCriticalSection 14016->14120 14121 6cb0b835 LeaveCriticalSection 14017->14121 14019 6cb0b861 14019->13790 14021->13790 14023 6cb052e2 std::_Lockit::_Lockit 7 API calls 14022->14023 14024 6cb01a60 14023->14024 14025 6cb01ac6 14024->14025 14026 6cb01aa8 14024->14026 14131 6cb05448 14025->14131 14122 6cb056f9 14026->14122 14541 6cb05744 14043->14541 14046 6cb0238b 14047 6cb023a2 14046->14047 14049 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14046->14049 14050 6cb023b9 14047->14050 14051 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14047->14051 14048 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14048->14046 14049->14047 14052 6cb023d0 14050->14052 14053 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14050->14053 14051->14050 14054 6cb023e7 14052->14054 14056 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14052->14056 14053->14052 14055 6cb023fe 14054->14055 14057 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14054->14057 14058 6cb0533a std::_Lockit::~_Lockit 2 API calls 14055->14058 14056->14054 14057->14055 14059 6cb0240f 14058->14059 14059->13792 14061 6cb05f60 std::_Facet_Register 17 API calls 14060->14061 14062 6cb055d2 14061->14062 14062->13800 14069 6cb0ed7d 14063->14069 14068->14014 14090 6cb0e78d 14069->14090 14089 6cb0edaf 14089->14089 14091 6cb0e972 std::_Lockit::_Lockit 5 API calls 14090->14091 14092 6cb0e7a3 14091->14092 14093 6cb0e7a7 14092->14093 14094 6cb0e972 std::_Lockit::_Lockit 5 API calls 14093->14094 14095 6cb0e7bd 14094->14095 14096 6cb0e7c1 14095->14096 14097 6cb0e972 std::_Lockit::_Lockit 5 API calls 14096->14097 14098 6cb0e7d7 14097->14098 14099 6cb0e7db 14098->14099 14100 6cb0e972 std::_Lockit::_Lockit 5 API calls 14099->14100 14101 6cb0e7f1 14100->14101 14102 6cb0e7f5 14101->14102 14103 6cb0e972 std::_Lockit::_Lockit 5 API calls 
14102->14103 14104 6cb0e80b 14103->14104 14105 6cb0e80f 14104->14105 14106 6cb0e972 std::_Lockit::_Lockit 5 API calls 14105->14106 14107 6cb0e825 14106->14107 14108 6cb0e829 14107->14108 14109 6cb0e972 std::_Lockit::_Lockit 5 API calls 14108->14109 14110 6cb0e83f 14109->14110 14111 6cb0e843 14110->14111 14112 6cb0e972 std::_Lockit::_Lockit 5 API calls 14111->14112 14113 6cb0e859 14112->14113 14114 6cb0e877 14113->14114 14115 6cb0e972 std::_Lockit::_Lockit 5 API calls 14114->14115 14116 6cb0e88d 14115->14116 14117 6cb0e85d 14116->14117 14118 6cb0e972 std::_Lockit::_Lockit 5 API calls 14117->14118 14119 6cb0e873 14118->14119 14119->14089 14120->14021 14121->14019 14136 6cb0bac3 14122->14136 14126 6cb0572d 14129 6cb05551 _Yarn 15 API calls 14126->14129 14127 6cb0571d 14127->14126 14128 6cb0bac3 std::_Locinfo::_Locinfo_dtor 64 API calls 14127->14128 14128->14126 14130 6cb012d4 14129->14130 14427 6cb01f50 14131->14427 14133 6cb05459 14134 6cb0712b CallUnexpected RaiseException 14133->14134 14135 6cb05467 14134->14135 14137 6cb0ed7d std::_Lockit::_Lockit 5 API calls 14136->14137 14138 6cb0bad0 14137->14138 14147 6cb0b86e 14138->14147 14141 6cb05551 14142 6cb0555f 14141->14142 14146 6cb0558a _Yarn 14141->14146 14143 6cb0556b 14142->14143 14424 6cb0a300 14142->14424 14145 6cb0b863 ___std_exception_copy 15 API calls 14143->14145 14143->14146 14145->14146 14146->14127 14148 6cb0b87a CallCatchBlock 14147->14148 14155 6cb0b7ed EnterCriticalSection 14148->14155 14150 6cb0b888 14156 6cb0b8c9 14150->14156 14155->14150 14181 6cb0ba28 14156->14181 14158 6cb0b8e4 14159 6cb0b895 14158->14159 14205 6cb0e3ec GetLastError 14158->14205 14178 6cb0b8bd 14159->14178 14423 6cb0b835 LeaveCriticalSection 14178->14423 14180 6cb05705 14180->14141 14182 6cb0ba42 14181->14182 14183 6cb0ba34 14181->14183 14277 6cb1190b 14182->14277 14262 6cb12674 14183->14262 14186 6cb0ba3e 14186->14158 14188 6cb0bab8 14190 6cb0a2cc __Getctype 11 API calls 14188->14190 14189 6cb0e678 _free 14 API calls 14191 
6cb0ba74 14189->14191 14192 6cb0bac2 14190->14192 14193 6cb0ba9c 14191->14193 14195 6cb1190b __cftoe 39 API calls 14191->14195 14197 6cb0ed7d std::_Lockit::_Lockit 5 API calls 14192->14197 14194 6cb0e63e _free 14 API calls 14193->14194 14196 6cb0bab1 14194->14196 14198 6cb0ba8b 14195->14198 14196->14158 14199 6cb0bad0 14197->14199 14200 6cb0ba92 14198->14200 14201 6cb0ba9e 14198->14201 14202 6cb0b86e std::_Locinfo::_Locinfo_dtor 64 API calls 14199->14202 14200->14188 14200->14193 14203 6cb12674 std::_Locinfo::_Locinfo_dtor 61 API calls 14201->14203 14204 6cb0baf9 14202->14204 14203->14193 14204->14158 14206 6cb0e403 14205->14206 14207 6cb0e409 14205->14207 14209 6cb0eb26 _free 6 API calls 14206->14209 14208 6cb0eb65 _free 6 API calls 14207->14208 14229 6cb0e40f SetLastError 14207->14229 14210 6cb0e427 14208->14210 14209->14207 14211 6cb0e678 _free 14 API calls 14210->14211 14210->14229 14213 6cb0e437 14211->14213 14214 6cb0e456 14213->14214 14215 6cb0e43f 14213->14215 14219 6cb0eb65 _free 6 API calls 14214->14219 14220 6cb0eb65 _free 6 API calls 14215->14220 14216 6cb0e4a3 14321 6cb0c649 14216->14321 14217 6cb0b8f1 14232 6cb11bca 14217->14232 14222 6cb0e462 14219->14222 14223 6cb0e44d 14220->14223 14224 6cb0e466 14222->14224 14225 6cb0e477 14222->14225 14228 6cb0e63e _free 14 API calls 14223->14228 14226 6cb0eb65 _free 6 API calls 14224->14226 14227 6cb0e1ee _free 14 API calls 14225->14227 14226->14223 14228->14229 14229->14216 14229->14217 14233 6cb11be1 14232->14233 14234 6cb11c13 14233->14234 14238 6cb11be5 14233->14238 14235 6cb0c2b2 _free 14 API calls 14234->14235 14236 6cb11c18 14235->14236 14237 6cb0a29f __fread_nolock 25 API calls 14236->14237 14239 6cb11c26 14238->14239 14240 6cb11c06 14238->14240 14371 6cb1192b 14239->14371 14242 6cb0c2b2 _free 14 API calls 14240->14242 14244 6cb11c0b 14242->14244 14263 6cb1268a 14262->14263 14264 6cb1269e 14262->14264 14266 6cb0c2b2 _free 14 API calls 14263->14266 14265 6cb0e3ec _unexpected 37 API calls 14264->14265 
14267 6cb126a3 14265->14267 14268 6cb1268f 14266->14268 14269 6cb0ed7d std::_Lockit::_Lockit 5 API calls 14267->14269 14280 6cb0a29f 14268->14280 14272 6cb126ab 14269->14272 14283 6cb17914 14272->14283 14276 6cb126f2 14276->14186 14300 6cb1182b 14277->14300 14281 6cb0a23b __fread_nolock 25 API calls 14280->14281 14282 6cb0a2ab 14281->14282 14282->14186 14284 6cb17920 CallCatchBlock 14283->14284 14285 6cb0e3ec _unexpected 37 API calls 14284->14285 14286 6cb17929 14285->14286 14287 6cb0b7ed std::_Lockit::_Lockit EnterCriticalSection 14286->14287 14293 6cb126b0 14286->14293 14288 6cb17947 14287->14288 14289 6cb17995 __Getctype 14 API calls 14288->14289 14290 6cb17958 14289->14290 14291 6cb17974 __Getctype LeaveCriticalSection 14290->14291 14292 6cb1796b 14291->14292 14292->14293 14294 6cb0c649 __purecall 37 API calls 14292->14294 14296 6cb11cde 14293->14296 14295 6cb17994 14294->14295 14297 6cb11cea CallCatchBlock 14296->14297 14298 6cb11e0b std::_Locinfo::_Locinfo_dtor 61 API calls 14297->14298 14299 6cb11cf6 std::_Locinfo::_Locinfo_dtor 14298->14299 14299->14276 14301 6cb11842 14300->14301 14302 6cb11881 14301->14302 14303 6cb11846 14301->14303 14304 6cb0c2b2 _free 14 API calls 14302->14304 14307 6cb0c2c5 __fassign 37 API calls 14303->14307 14305 6cb11886 14304->14305 14306 6cb0a29f __fread_nolock 25 API calls 14305->14306 14318 6cb0ba59 14306->14318 14308 6cb11863 14307->14308 14309 6cb11892 14308->14309 14310 6cb11874 14308->14310 14312 6cb11688 __cftoe 39 API calls 14309->14312 14311 6cb0c2b2 _free 14 API calls 14310->14311 14313 6cb11879 14311->14313 14314 6cb118a0 14312->14314 14316 6cb0a29f __fread_nolock 25 API calls 14313->14316 14315 6cb118a8 14314->14315 14319 6cb118ba 14314->14319 14317 6cb0c2b2 _free 14 API calls 14315->14317 14316->14318 14317->14318 14318->14188 14318->14189 14319->14318 14320 6cb0c2b2 _free 14 API calls 14319->14320 14320->14313 14332 6cb15e4d 14321->14332 14325 6cb0c663 IsProcessorFeaturePresent 14327 6cb0c659 14327->14325 14331 
6cb0c682 14327->14331 14333 6cb15d7f _unexpected EnterCriticalSection LeaveCriticalSection 14332->14333 14334 6cb0c64e 14333->14334 14334->14327 14335 6cb15e92 14334->14335 14336 6cb15e9e CallCatchBlock 14335->14336 14337 6cb0e543 _free 14 API calls 14336->14337 14341 6cb15ecb _unexpected 14336->14341 14342 6cb15ec5 _unexpected 14336->14342 14337->14342 14342->14341 14372 6cb11937 __EH_prolog3_GS 14371->14372 14423->14180 14425 6cb0e63e _free 14 API calls 14424->14425 14426 6cb0a318 14425->14426 14426->14143 14430 6cb070a9 14427->14430 14431 6cb070b6 14430->14431 14432 6cb01f80 14430->14432 14431->14432 14433 6cb070c6 14431->14433 14432->14133 14434 6cb0b863 ___std_exception_copy 15 API calls 14433->14434 14435 6cb070d3 14434->14435 14436 6cb070e3 14435->14436 14440 6cb0d915 14435->14440 14438 6cb0a300 std::locale::_Locimp::~_Locimp 14 API calls 14436->14438 14439 6cb070f9 14438->14439 14439->14432 14441 6cb0d922 14440->14441 14442 6cb0d930 14440->14442 14441->14442 14444 6cb0d947 14441->14444 14443 6cb0c2b2 _free 14 API calls 14442->14443 14448 6cb0d938 14443->14448 14446 6cb0d942 14444->14446 14447 6cb0c2b2 _free 14 API calls 14444->14447 14445 6cb0a29f __fread_nolock 25 API calls 14445->14446 14446->14436 14447->14448 14448->14445 14542 6cb05750 14541->14542 14543 6cb0237b 14541->14543 14544 6cb0bac3 std::_Locinfo::_Locinfo_dtor 64 API calls 14542->14544 14543->14046 14543->14048 14544->14543 14546 6cb05f60 std::_Facet_Register 17 API calls 14545->14546 14547 6cb05769 14546->14547 14548 6cb0577d 14547->14548 14555 6cb0548d 14547->14555 14548->13807 14552 6cb0578d 14551->14552 14553 6cb0562b 14551->14553 14558 6cb05d2e 14552->14558 14553->13811 14556 6cb05551 _Yarn 15 API calls 14555->14556 14557 6cb054c7 14556->14557 14557->13807 14559 6cb0c649 14558->14559 14560 6cb05d3e EncodePointer 14558->14560 14561 6cb15e4d _unexpected 2 API calls 14559->14561 14560->14553 14560->14559 14562 6cb0c64e 14561->14562 14563 6cb0c659 14562->14563 14564 6cb15e92 _unexpected 37 
API calls 14562->14564 14565 6cb0c663 IsProcessorFeaturePresent 14563->14565 14570 6cb0c682 14563->14570 14564->14563 14567 6cb0c66f 14565->14567 14566 6cb0cef2 _unexpected 23 API calls 14569 6cb0c68c 14566->14569 14568 6cb0a0f3 _unexpected 8 API calls 14567->14568 14568->14570 14570->14566 14573 6cb05bb5 14571->14573 14572 6cb03e6d 14572->13669 14581 6cb03570 14572->14581 14573->14572 14574 6cb05c16 14573->14574 14576 6cb05c64 28 API calls 14573->14576 14579 6cb05c1d 14574->14579 14602 6cb05c64 14574->14602 14576->14574 14579->14572 14605 6cb0a524 14579->14605 14582 6cb0360e 14581->14582 14583 6cb035e7 14581->14583 14585 6cb01070 14582->14585 14933 6cb0a43f 14583->14933 14586 6cb052e2 std::_Lockit::_Lockit 7 API calls 14585->14586 14587 6cb010a6 14586->14587 14588 6cb052e2 std::_Lockit::_Lockit 7 API calls 14587->14588 14594 6cb010e4 14587->14594 14589 6cb010c4 14588->14589 14592 6cb0533a std::_Lockit::~_Lockit 2 API calls 14589->14592 14590 6cb0112c 14591 6cb0533a std::_Lockit::~_Lockit 2 API calls 14590->14591 14593 6cb011b3 14591->14593 14592->14594 14593->13676 14594->14590 14595 6cb05f60 std::_Facet_Register 17 API calls 14594->14595 14598 6cb01137 14595->14598 14596 6cb0116b 14597 6cb0118e 14596->14597 14599 6cb02350 65 API calls 14596->14599 14600 6cb055c7 std::_Facet_Register 17 API calls 14597->14600 14598->14596 14601 6cb01a30 67 API calls 14598->14601 14599->14597 14600->14590 14601->14596 14621 6cb0c22e 14602->14621 14606 6cb0a530 CallCatchBlock 14605->14606 14607 6cb0a53a 14606->14607 14608 6cb0a54f 14606->14608 14609 6cb0c2b2 _free 14 API calls 14607->14609 14615 6cb0a54a __Getctype 14608->14615 14638 6cb0a485 EnterCriticalSection 14608->14638 14610 6cb0a53f 14609->14610 14612 6cb0a29f __fread_nolock 25 API calls 14610->14612 14612->14615 14613 6cb0a56c 14639 6cb0a4ad 14613->14639 14615->14572 14616 6cb0a577 14655 6cb0a59e 14616->14655 14618 6cb0b1f5 14900 6cb0af98 14618->14900 14623 6cb0c178 CallCatchBlock 14621->14623 14622 6cb0c18b 14624 6cb0c2b2 
_free 14 API calls 14622->14624 14623->14622 14625 6cb0c1ad 14623->14625 14626 6cb0c190 14624->14626 14627 6cb0c1b2 14625->14627 14628 6cb0c1bf 14625->14628 14629 6cb0a29f __fread_nolock 25 API calls 14626->14629 14630 6cb0c2b2 _free 14 API calls 14627->14630 14631 6cb0f2d2 __Getctype 17 API calls 14628->14631 14632 6cb05c36 14629->14632 14630->14632 14633 6cb0c1c8 14631->14633 14632->14572 14632->14618 14634 6cb0c1db __Getctype 14633->14634 14635 6cb0c1ce 14633->14635 14637 6cb0c217 __Getctype LeaveCriticalSection 14634->14637 14636 6cb0c2b2 _free 14 API calls 14635->14636 14636->14632 14637->14632 14638->14613 14640 6cb0a4ba 14639->14640 14641 6cb0a4cf 14639->14641 14642 6cb0c2b2 _free 14 API calls 14640->14642 14647 6cb0a4ca __Getctype 14641->14647 14658 6cb0a7e5 14641->14658 14643 6cb0a4bf 14642->14643 14645 6cb0a29f __fread_nolock 25 API calls 14643->14645 14645->14647 14647->14616 14651 6cb0a4f2 14675 6cb0f182 14651->14675 14899 6cb0a499 LeaveCriticalSection 14655->14899 14657 6cb0a5a6 14657->14615 14659 6cb0a4e4 14658->14659 14660 6cb0a7fd 14658->14660 14664 6cb0eec0 14659->14664 14660->14659 14661 6cb0f2ab __fread_nolock 25 API calls 14660->14661 14662 6cb0a81b 14661->14662 14690 6cb0fcd2 14662->14690 14665 6cb0eed7 14664->14665 14667 6cb0a4ec 14664->14667 14666 6cb0e63e _free 14 API calls 14665->14666 14665->14667 14666->14667 14668 6cb0f2ab 14667->14668 14669 6cb0f2b7 14668->14669 14670 6cb0f2cc 14668->14670 14671 6cb0c2b2 _free 14 API calls 14669->14671 14670->14651 14672 6cb0f2bc 14671->14672 14673 6cb0a29f __fread_nolock 25 API calls 14672->14673 14674 6cb0f2c7 14673->14674 14674->14651 14676 6cb0f193 14675->14676 14677 6cb0f1a8 14675->14677 14678 6cb0c29f __dosmaperr 14 API calls 14676->14678 14679 6cb0f1f1 14677->14679 14684 6cb0f1cf 14677->14684 14681 6cb0f198 14678->14681 14680 6cb0c29f __dosmaperr 14 API calls 14679->14680 14682 6cb0f1f6 14680->14682 14683 6cb0c2b2 _free 14 API calls 14681->14683 14686 6cb0c2b2 _free 14 API calls 14682->14686 
14859 6cb0f0f6 14684->14859 14691 6cb0fcde CallCatchBlock 14690->14691 14692 6cb0fce6 14691->14692 14695 6cb0fcfe 14691->14695 14715 6cb0c29f 14692->14715 14693 6cb0fd99 14696 6cb0c29f __dosmaperr 14 API calls 14693->14696 14695->14693 14698 6cb0fd30 14695->14698 14699 6cb0fd9e 14696->14699 14718 6cb17c60 EnterCriticalSection 14698->14718 14702 6cb0c2b2 _free 14 API calls 14699->14702 14700 6cb0c2b2 _free 14 API calls 14714 6cb0fcf3 14700->14714 14704 6cb0fda6 14702->14704 14703 6cb0fd36 14705 6cb0fd52 14703->14705 14706 6cb0fd67 14703->14706 14708 6cb0c2b2 _free 14 API calls 14705->14708 14719 6cb0fdc4 14706->14719 14714->14659 14716 6cb0e543 _free 14 API calls 14715->14716 14717 6cb0c2a4 14716->14717 14717->14700 14718->14703 14860 6cb0f102 CallCatchBlock 14859->14860 14870 6cb17c60 EnterCriticalSection 14860->14870 14899->14657 14902 6cb0afa4 CallCatchBlock 14900->14902 14901 6cb0afaa 14904 6cb0c2b2 _free 14 API calls 14901->14904 14902->14901 14903 6cb0afd0 14902->14903 14913 6cb0a485 EnterCriticalSection 14903->14913 14906 6cb0afaf 14904->14906 14908 6cb0a29f __fread_nolock 25 API calls 14906->14908 14907 6cb0afdc 14914 6cb0b0fc 14907->14914 14909 6cb0afba 14908->14909 14909->14579 14911 6cb0aff0 14925 6cb0b019 14911->14925 14913->14907 14915 6cb0b11f 14914->14915 14916 6cb0b10f 14914->14916 14928 6cb0b023 14915->14928 14917 6cb0c2b2 _free 14 API calls 14916->14917 14919 6cb0b114 14917->14919 14919->14911 14920 6cb0b142 14921 6cb0a7e5 ___scrt_uninitialize_crt 62 API calls 14920->14921 14924 6cb0b1c5 14920->14924 14922 6cb0b169 14921->14922 14923 6cb114a2 __fread_nolock 27 API calls 14922->14923 14923->14924 14924->14911 14932 6cb0a499 LeaveCriticalSection 14925->14932 14927 6cb0b021 14927->14909 14929 6cb0b08c 14928->14929 14930 6cb0b034 14928->14930 14929->14920 14930->14929 14931 6cb114a2 __fread_nolock 27 API calls 14930->14931 14931->14929 14932->14927 14934 6cb0a44b 14933->14934 14938 6cb0a460 14933->14938 14935 6cb0c2b2 _free 14 API calls 14934->14935 
14936 6cb0a450 14935->14936 14937 6cb0a29f __fread_nolock 25 API calls 14936->14937 14939 6cb0a45b 14937->14939 14938->14582 14939->14582 14941 6cb04251 14940->14941 14945 6cb03218 14940->14945 15035 6cb03470 14941->15035 14943 6cb04256 14943->14945 15054 6cb0aee3 14943->15054 14946 6cb03000 14945->14946 14947 6cb03015 14946->14947 14948 6cb03070 14947->14948 15125 6cb04120 14947->15125 14948->13689 14949 6cb0305e 14949->13689 15010 6cb04120 65 API calls 14951->15010 14952 6cb030c2 15012 6cb04230 65 API calls 14952->15012 14953 6cb03136 15144 6cb047c0 14953->15144 14954 6cb0314c 15010->14952 15012->14953 15016 6cb070a9 ___std_exception_copy 26 API calls 15015->15016 15017 6cb01981 15016->15017 15017->13696 15017->13697 15019 6cb070a9 ___std_exception_copy 26 API calls 15018->15019 15020 6cb01a11 15019->15020 15020->13703 15036 6cb0352c 15035->15036 15037 6cb0348d 15035->15037 15038 6cb05fa3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15036->15038 15037->15036 15042 6cb03497 15037->15042 15039 6cb03539 15038->15039 15039->14943 15040 6cb0351a 15041 6cb05fa3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15040->15041 15043 6cb03528 15041->15043 15042->15040 15044 6cb034c8 15042->15044 15045 6cb034e2 15042->15045 15043->14943 15044->15040 15047 6cb034cd 15044->15047 15046 6cb03503 15045->15046 15064 6cb0b42f 15045->15064 15049 6cb05fa3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15046->15049 15050 6cb05fa3 __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 15047->15050 15053 6cb03516 15049->15053 15051 6cb034de 15050->15051 15051->14943 15052 6cb034fc 15052->15040 15052->15046 15053->14943 15055 6cb0af03 15054->15055 15056 6cb0aeee 15054->15056 15055->15056 15058 6cb0af0a 15055->15058 15057 6cb0c2b2 _free 14 API calls 15056->15057 15059 6cb0aef3 15057->15059 15122 6cb0b1da 15058->15122 15061 6cb0a29f __fread_nolock 25 API calls 15059->15061 15063 6cb0aefe 15061->15063 15063->14945 15065 
6cb0b45a 15064->15065 15066 6cb0b43d 15064->15066 15065->15052 15066->15065 15067 6cb0b44a 15066->15067 15068 6cb0b45e 15066->15068 15069 6cb0c2b2 _free 14 API calls 15067->15069 15074 6cb0b210 15068->15074 15071 6cb0b44f 15069->15071 15073 6cb0a29f __fread_nolock 25 API calls 15071->15073 15073->15065 15075 6cb0b21c CallCatchBlock 15074->15075 15082 6cb0a485 EnterCriticalSection 15075->15082 15077 6cb0b22a 15083 6cb0b26b 15077->15083 15082->15077 15093 6cb114f8 15083->15093 15115 6cb114bd 15093->15115 15116 6cb114c9 15115->15116 15123 6cb0af98 64 API calls 15122->15123 15124 6cb0af19 15123->15124 15124->14945 15126 6cb04132 15125->15126 15127 6cb0418d 15126->15127 15128 6cb03470 65 API calls 15126->15128 15127->14949 15129 6cb0415d 15128->15129 15129->15127 15130 6cb0417a 15129->15130 15131 6cb0b1da 64 API calls 15129->15131 15130->15127 15133 6cb0aa34 15130->15133 15131->15130 15134 6cb0aa54 15133->15134 15135 6cb0aa3f 15133->15135 15138 6cb0c2b2 _free 14 API calls 15134->15138 15139 6cb0aa6c 15134->15139 15136 6cb0c2b2 _free 14 API calls 15135->15136 15137 6cb0aa44 15136->15137 15140 6cb0a29f __fread_nolock 25 API calls 15137->15140 15141 6cb0aa61 15138->15141 15139->15127 15142 6cb0aa4f 15140->15142 15143 6cb0a29f __fread_nolock 25 API calls 15141->15143 15142->15127 15143->15139 15148 6cb047d3 _Yarn 15144->15148 15145 6cb04944 15149 6cb047d9 _Yarn 15145->15149 15150 6cb0ada8 15145->15150 15146 6cb0ada8 __fread_nolock 39 API calls 15146->15148 15148->15145 15148->15146 15148->15149 15149->14954 15322 6cb01b24 15321->15322 15325 6cb01b2e _Yarn 15322->15325 15338 6cb037b0 15322->15338 15324 6cb01bee std::ios_base::_Ios_base_dtor 15326 6cb070a9 ___std_exception_copy 26 API calls 15324->15326 15325->15324 15327 6cb01ca4 15325->15327 15328 6cb01c3a 15326->15328 15329 6cb0a2af 25 API calls 15327->15329 15330 6cb01c69 std::ios_base::_Ios_base_dtor 15328->15330 15331 6cb01ca9 15328->15331 15329->15331 15332 6cb05fa3 

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3907804496
• Opcode ID: 24c559c9b8439c1a60404077bd7246d77249f3da57113a5edeacf83bef588d13
• Instruction ID: 1d0fda877926e89a6f4b0978c03101b093bd2bc5d2f34729467ce5ea8b5ec47c
• Opcode Fuzzy Hash: 24c559c9b8439c1a60404077bd7246d77249f3da57113a5edeacf83bef588d13
• Instruction Fuzzy Hash: 35C1A070A082899FDF01CF98C880BADBBB5EF5A318F184159E551EBF81C774D945CBA2

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB1A7E7: CreateFileW.KERNELBASE(00000000,00000000,?,6CB1AB49,?,?,00000000,?,6CB1AB49,00000000,0000000C), ref: 6CB1A804
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6CB1ABB4
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB1ABBB
                                                                                                                                                                                                                                          • GetFileType.KERNELBASE(00000000), ref: 6CB1ABC7
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6CB1ABD1
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB1ABDA
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 6CB1ABFA
                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 6CB1AD47
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6CB1AD79
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB1AD80
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                          • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                          • Opcode ID: 885efc06e00b2f21ecbce09292b3f0ae7430e72f3388c187631dbab6eaf1e664
                                                                                                                                                                                                                                          • Instruction ID: 7d2784d326b98b989203ddf726918167d8371a95678374451f0066102334dc9f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 885efc06e00b2f21ecbce09292b3f0ae7430e72f3388c187631dbab6eaf1e664
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1A11A31A085949FCF099F78CC917AE7BB1EB07324F14015DE811AFB91DB34A90ACB52

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • Failed to read certificate table location properly, xrefs: 6CB03192
                                                                                                                                                                                                                                          • The certificate table is not located at the end of the file!, xrefs: 6CB0318B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: Failed to read certificate table location properly$The certificate table is not located at the end of the file!
                                                                                                                                                                                                                                          • API String ID: 0-3230214552
                                                                                                                                                                                                                                          • Opcode ID: 9eadf92f0e69c9e3e59cd1f14ee410677e46506e68978365f99697309912af45
                                                                                                                                                                                                                                          • Instruction ID: 65fe1b3131a885a1039fdeeea73be33e5ac0d3c7f27729c38608aa224cd2776f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9eadf92f0e69c9e3e59cd1f14ee410677e46506e68978365f99697309912af45
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29B1D071A00649ABDB10CF68CC45FDEBBB8FF48714F108619F559AB780DB74AA44CB91

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000,00000000,6CB05C23,?,6CB0F13D,6CB05C23,6CB29480,0000000C,6CB0F1EF,6CB29140), ref: 6CB0F265
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6CB0F13D,6CB05C23,6CB29480,0000000C,6CB0F1EF,6CB29140), ref: 6CB0F26F
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB0F29A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                                                          • Opcode ID: a58ee2a19021a1538a1d2b3ddf4040d1af1d3457af245e9c28dc3de9d21d7e77
                                                                                                                                                                                                                                          • Instruction ID: 3b9d9a84f941aa066e7063a1ea024a629efb3d7526c7027d018c9bcf934f01f4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a58ee2a19021a1538a1d2b3ddf4040d1af1d3457af245e9c28dc3de9d21d7e77
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 370108377091D41EC6051274E845BAF7F9D8B8377CF290249F928D7ED1DB6098868156

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • SetFilePointerEx.KERNELBASE(00000000,00000000,6CB05C4D,00000000,00000002,6CB05C4D,00000000,?,?,?,6CB114B8,00000000,00000000,6CB05C4D,00000002), ref: 6CB11444
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6CB114B8,00000000,00000000,6CB05C4D,00000002,?,6CB0B08C,?,00000000,00000000,00000001,6CB05C4D,?,?,6CB0B142), ref: 6CB1144E
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB11455
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2336955059-0
                                                                                                                                                                                                                                          • Opcode ID: e2e2bc6990a3a9fe3c753e50a0a87c2c43f33e2306cfea8b5160bc7719689b27
                                                                                                                                                                                                                                          • Instruction ID: bf0202bca9707cfa422f284da1e491ee73bca3c07dc556e425fb77cc7eb5f1a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e2e2bc6990a3a9fe3c753e50a0a87c2c43f33e2306cfea8b5160bc7719689b27
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1401FC33714555AFCF058FAADC0589E3B39EF86774B284308E85297A90EB70DA418BA1

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __fread_nolock
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2638373210-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 6CB033A6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 118556049-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __wsopen_s
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3347428461-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 6CB02591
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 323602529-0

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          control_flow_graph 600 6cb1a7e7-6cb1a80b CreateFileW
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,6CB1AB49,?,?,00000000,?,6CB1AB49,00000000,0000000C), ref: 6CB1A804
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,?,?,?,?,6CB123E9,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6CB19812
                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6CB123E9,?,?,?,00000055,?,-00000050,?,?), ref: 6CB1983D
                                                                                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 6CB198D1
                                                                                                                                                                                                                                          • _wcschr.LIBVCRUNTIME ref: 6CB198DF
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6CB199A0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                                                                                                                                                                                                          • String ID: utf8
                                                                                                                                                                                                                                          • API String ID: 4147378913-905460609
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,2000000B,6CB1A1FB,00000002,00000000,?,?,?,6CB1A1FB,?,00000000), ref: 6CB19F76
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,20001004,6CB1A1FB,00000002,00000000,?,?,?,6CB1A1FB,?,00000000), ref: 6CB19F9F
                                                                                                                                                                                                                                          • GetACP.KERNEL32(?,?,6CB1A1FB,?,00000000), ref: 6CB19FB4
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                          • String ID: ACP$OCP
                                                                                                                                                                                                                                          • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E44E
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E484
                                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 6CB1A1BE
                                                                                                                                                                                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 6CB1A207
                                                                                                                                                                                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 6CB1A216
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 6CB1A25E
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 6CB1A27D
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 949163717-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6CB06B0A
                                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 6CB06BD6
                                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CB06BF6
                                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6CB06C00
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E44E
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E484
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6CB19BB8
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6CB19C02
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6CB19CC8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3140898709-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E44E
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E484
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6CB19E0B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2003897158-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(6CB19B64,00000001,00000000,?,-00000050,?,6CB1A192,00000000,?,?,?,00000055,?), ref: 6CB19AB0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6CB19E61,00000000,00000000,?), ref: 6CB1A00F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3736152602-0
                                                                                                                                                                                                                                          • Opcode ID: d36f56acffe5bbd1565477ee750a4fa4adb9b7d326a4a3407014f88a956c6630
                                                                                                                                                                                                                                          • Instruction ID: 856f229dfca6534c872637bed540887bb6079a566482279e29c3ff8bd7115229
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d36f56acffe5bbd1565477ee750a4fa4adb9b7d326a4a3407014f88a956c6630
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BF0F932604155AFDB145621CC49BFF776CFB40358F114428EC12A3E80EA34FE49CAD1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E44E
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: _free.LIBCMT ref: 6CB0E484
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 6CB199A0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                                                          • String ID: utf8
                                                                                                                                                                                                                                          • API String ID: 2003897158-905460609
                                                                                                                                                                                                                                          • Opcode ID: 6895ccecafe88d0d317785aec2b32358abaf7a9aa1d8fb83dada5c0aae8f00d9
                                                                                                                                                                                                                                          • Instruction ID: 6aefe95d5d6aa4f86efb5a883b4c68b662f7f274d478ca6cea36709415924377
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6895ccecafe88d0d317785aec2b32358abaf7a9aa1d8fb83dada5c0aae8f00d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28F02232B00185ABCB04AB38CC45AFF77ECEB45318F1001BDA602D7B80EB38AD098794
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(6CB19DB7,00000001,00000000,?,-00000050,?,6CB1A156,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 6CB19B23
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                          • Opcode ID: 228d55a5c972917fd20d8e7d48113ac2d27052c8f4f5e3ab1ef907abeec9e8bf
                                                                                                                                                                                                                                          • Instruction ID: d6fa57f0cfbe4af8e89e3ac1d70d72635760d87a4a4ac527ccf5c9ce5cb8c092
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 228d55a5c972917fd20d8e7d48113ac2d27052c8f4f5e3ab1ef907abeec9e8bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22F0F6367183C45FDB149F75D880AAF7BA5EF8136CF19452CF9464BF80C6B1AA42C650
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0B7ED: EnterCriticalSection.KERNEL32(?,?,6CB0CA2E,00000000,6CB292E0,0000000C,6CB0C9F5,?,?,6CB0E6AB,?,?,6CB0E58E,00000001,00000364,00000008), ref: 6CB0B7FC
                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(6CB0E6D5,00000001,6CB29420,0000000C,6CB0EAA3,00000000), ref: 6CB0E71A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1272433827-0
                                                                                                                                                                                                                                          • Opcode ID: c1027f13bf1743d12a75da6a8b8b7896a356cfd81146b302f60da99ce02ab638
                                                                                                                                                                                                                                          • Instruction ID: cbd0a687246ea2c93cecdd6f556ea6870ae3cb0a1946793bc20d7e81c4bda6ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1027f13bf1743d12a75da6a8b8b7896a356cfd81146b302f60da99ce02ab638
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14F04936B00284DFDB10CFA8D441BAD7BF0FB09325F00412AE425EB790CB7959088F80
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • EnumSystemLocalesW.KERNEL32(6CB1994C,00000001,00000000,?,?,6CB1A1B4,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 6CB19A2A
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2417226690-0
                                                                                                                                                                                                                                          • Opcode ID: 141fb9ccaf37e76453a09d334e7afa07fe139041f27c0aff284955b2fa20eae8
                                                                                                                                                                                                                                          • Instruction ID: df4b9326564342bc2f6abfbe19cd453528fb8676f30a136869f3dc6b3caf48b5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 141fb9ccaf37e76453a09d334e7afa07fe139041f27c0aff284955b2fa20eae8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0F0553AB042C45BCB05AF36C8546AEBFA4EFC2328B0A4058EA098BE40D6319947C790
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,6CB12F44,?,20001004,00000000,00000002,?,?,6CB12551), ref: 6CB0EBDB
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InfoLocale
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2299586839-0
                                                                                                                                                                                                                                          • Opcode ID: f6082d1660748f55f52bdfc454e836f9678f9b4e65c530db7ed0d1ebb120b2dd
                                                                                                                                                                                                                                          • Instruction ID: b3cb4a8d655808d6d3d4cee0eff0a88e0ace660f82ea0077d4d07b5e1a7fbd0e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6082d1660748f55f52bdfc454e836f9678f9b4e65c530db7ed0d1ebb120b2dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DDE04F316411A8BBCF022FA0DC49E9E3E2AEF45760F004410FC4666A50DB319921AAE5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$Info
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2509303402-0
                                                                                                                                                                                                                                          • Opcode ID: a2b7bb6ba38ae2322514e0715593f60f7c7e1f499536f3fee55dc5fd561329ca
                                                                                                                                                                                                                                          • Instruction ID: b42a9b5d7e8a17b6d3bcd6bec08ed2779c7309eee03f1a09f1d3f29acad2b56c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a2b7bb6ba38ae2322514e0715593f60f7c7e1f499536f3fee55dc5fd561329ca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78D18B71A013899FDB11CFB8C880BEEBBB5FF08304F144569E595A7A81EB71A845CB61
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 6CB1770C
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18250
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18262
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18274
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18286
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18298
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB182AA
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB182BC
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB182CE
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB182E0
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB182F2
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18304
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18316
                                                                                                                                                                                                                                            • Part of subcall function 6CB18233: _free.LIBCMT ref: 6CB18328
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17701
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: HeapFree.KERNEL32(00000000,00000000,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?), ref: 6CB0E654
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: GetLastError.KERNEL32(?,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?,?), ref: 6CB0E666
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17723
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17738
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17743
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17765
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17778
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17786
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17791
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB177C9
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB177D0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB177ED
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB17805
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                                          • Opcode ID: f2d0e1743bf28f05e933b0a10438c3444ff7d28c9f07f52558a4606ad57f70e8
                                                                                                                                                                                                                                          • Instruction ID: 33c39d0ce7fa4f4b6cb9126827038fcbf63b398ea2a9ac5926f3b321fb572a9b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2d0e1743bf28f05e933b0a10438c3444ff7d28c9f07f52558a4606ad57f70e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 383170316093859FEB119A35E940B9E77E9FF10318F204419E0A5E7E90EFB1E944CB65
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                          • Opcode ID: f06bb30f5300f86b342422fe17bd1288c06d44fe1b115433fd51009cd7774d65
                                                                                                                                                                                                                                          • Instruction ID: 5c7ac0bd69836aa2ba2c3f45f8151d5728bcf8a7e2eb1057e3a167580cbffe3d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f06bb30f5300f86b342422fe17bd1288c06d44fe1b115433fd51009cd7774d65
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92C14371E44244AFDB10CBA8DC45FEE77F8AB09704F154155FA44FBA81E771AD448BA0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6CB09225
                                                                                                                                                                                                                                          • type_info::operator==.LIBVCRUNTIME ref: 6CB09247
                                                                                                                                                                                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 6CB09356
                                                                                                                                                                                                                                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6CB09428
                                                                                                                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 6CB094AC
                                                                                                                                                                                                                                          • CallUnexpected.LIBVCRUNTIME ref: 6CB094C7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                                                                                          • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                          • Opcode ID: 10490079fa1c14a1b67ec56289f0c2248d95a438d5f8f174db2bd43efc277920
                                                                                                                                                                                                                                          • Instruction ID: c1b1aeff1956347933d783db67b740288d00efabf807e0cbd41bcdae96fca982
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10490079fa1c14a1b67ec56289f0c2248d95a438d5f8f174db2bd43efc277920
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14B17571E04289EFCF19DFA4C88099EBFB5FF04318B14825AE8256BA11D731DA55CF92
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2BE
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: HeapFree.KERNEL32(00000000,00000000,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?), ref: 6CB0E654
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: GetLastError.KERNEL32(?,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?,?), ref: 6CB0E666
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2CA
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2D5
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2E0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2EB
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E2F6
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E301
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E30C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E317
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E325
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 269201875-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 6CB05DBF
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 6CB05DEB
                                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 6CB05E2A
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CB05E47
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 6CB05E86
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 6CB05EA3
                                                                                                                                                                                                                                          • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6CB05EE5
                                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6CB05F08
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2040435927-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E3EC: SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12E6D
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12E86
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12EC4
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12ECD
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12ED9
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorLast
                                                                                                                                                                                                                                          • String ID: C
                                                                                                                                                                                                                                          • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __RTC_Initialize.LIBCMT ref: 6CB0622E
                                                                                                                                                                                                                                          • ___scrt_uninitialize_crt.LIBCMT ref: 6CB06248
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2442719207-0
                                                                                                                                                                                                                                          • Opcode ID: b40cc1bc9e5a5fd10b55137ed52342eaf955f71bbb9a3fa85f8b68ca0519b8c8
                                                                                                                                                                                                                                          • Instruction ID: 4a9989d80aaeca6f39786f7082f328f8888f2fa95c4f075f8cb8f806c0f569a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b40cc1bc9e5a5fd10b55137ed52342eaf955f71bbb9a3fa85f8b68ca0519b8c8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22419F72F05695AEDB209F99C800BEF7EB4EB81769F10411DEC14D7A80D73489858BD1
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                          • API String ID: 0-537541572
                                                                                                                                                                                                                                          • Opcode ID: f4041745e39a5c9f045d332a039ed3a33cb6d219f35432f4a61d5a4e02c63969
                                                                                                                                                                                                                                          • Instruction ID: 9995f069a8713f936521681aa2297ecd3afbcb5d2352331cb1de75889fa9e9f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4041745e39a5c9f045d332a039ed3a33cb6d219f35432f4a61d5a4e02c63969
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE21EB72B05EE1EBDB518A758C49B0E3F68EF43764F250511E899A7A80E730E900C6E1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB1895E: _free.LIBCMT ref: 6CB18983
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18C60
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: HeapFree.KERNEL32(00000000,00000000,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?), ref: 6CB0E654
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: GetLastError.KERNEL32(?,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?,?), ref: 6CB0E666
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18C6B
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18C76
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18CCA
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18CD5
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18CE0
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18CEB
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 6020ab20a98c034692dd742553538e9c0749d6cca3a1ad9366bd63619cbd1f22
                                                                                                                                                                                                                                          • Instruction ID: a2b14d49790f306dd8094983986a6ca6fd796cc31ebf115e53d972b8541c3d44
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6020ab20a98c034692dd742553538e9c0749d6cca3a1ad9366bd63619cbd1f22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12114F71645B88AAD620ABB0CC09FCF7B9DBF01744F418C17A29966E50DF67B9088791
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetConsoleOutputCP.KERNEL32(?,6CB0B169,900C408B), ref: 6CB0F59F
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 6CB0F784
                                                                                                                                                                                                                                          • __fassign.LIBCMT ref: 6CB0F7A1
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000010,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB0F7E9
                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CB0F829
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CB0F8D1
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1735259414-0
                                                                                                                                                                                                                                          • Opcode ID: 2d423ac06e5a6612ad92692f0e865d1eb6990b838aa800a0ca2907fe822d9296
                                                                                                                                                                                                                                          • Instruction ID: 2c2f5beaa3e474c21589f99cbcb4fb5e970edfe96fe0092635b0f541da19971b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2d423ac06e5a6612ad92692f0e865d1eb6990b838aa800a0ca2907fe822d9296
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45C19B71E052989FCB05CFA8C8809EDBFB5FF09318F28416AE865B7641D631A906CF64
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6CB01203
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6CB01225
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6CB01245
                                                                                                                                                                                                                                          • __Getctype.LIBCPMT ref: 6CB012EC
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 6CB01315
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6CB0132D
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1102183713-0
                                                                                                                                                                                                                                          • Opcode ID: 7ad1ee2c8ac2c0599c068daff8736a0b21c400216c35479ba4a292da7d3990fe
                                                                                                                                                                                                                                          • Instruction ID: 60df30a2e35db3945a27da06b351a334bebbac8465d1b92a101e59663bfb6e41
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ad1ee2c8ac2c0599c068daff8736a0b21c400216c35479ba4a292da7d3990fe
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11418C71B042989BDB19CF98C440BAEBBB8FF05718F18425DD816ABB40DB34E949CB95
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000001,?,6CB08D02,6CB064A4,6CB060B8,?,6CB062F0,?,00000001,?,?,00000001,?,6CB28FC0,0000000C,6CB063E9), ref: 6CB08DFF
                                                                                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6CB08E0D
                                                                                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6CB08E26
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,6CB062F0,?,00000001,?,?,00000001,?,6CB28FC0,0000000C,6CB063E9,?,00000001,?), ref: 6CB08E78
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp, xrefs: 6CB16AC5
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                          • API String ID: 0-3820085865
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,6CB09F13,00000000,?,00000001,00000000,?,6CB09F8A,00000001,FlsFree,6CB1ED2C,FlsFree,00000000), ref: 6CB09EE2
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                                                                                          • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6CB0CE33,?,?,6CB0CDFB,000000FF,00000000,?), ref: 6CB0CE96
                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CB0CEA9
                                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,6CB0CE33,?,?,6CB0CDFB,000000FF,00000000,?), ref: 6CB0CECC
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 6CB13892
                                                                                                                                                                                                                                          • __alloca_probe_16.LIBCMT ref: 6CB13958
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 6CB139C4
                                                                                                                                                                                                                                            • Part of subcall function 6CB1163A: HeapAlloc.KERNEL32(00000000,?,?,?,6CB05F7A,?,?,6CB01732,00000008,6D1D67B9,?,?,?,?,6CB014F3,?), ref: 6CB1166C
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 6CB139CD
                                                                                                                                                                                                                                          • __freea.LIBCMT ref: 6CB139F0
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1096550386-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB1163A: HeapAlloc.KERNEL32(00000000,?,?,?,6CB05F7A,?,?,6CB01732,00000008,6D1D67B9,?,?,?,?,6CB014F3,?), ref: 6CB1166C
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12806
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB1281D
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB1283A
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB12855
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB1286C
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$AllocHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1835388192-0
                                                                                                                                                                                                                                          • Opcode ID: 3e41d8837ad8327b9f35400a64be0ef864ffd93a5e691dfc9ca460a573152119
                                                                                                                                                                                                                                          • Instruction ID: e353e228e778c3ed35ee85e34f8f046e2ef57169a39c4eb1c86a82d6b5adb916
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e41d8837ad8327b9f35400a64be0ef864ffd93a5e691dfc9ca460a573152119
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A51E632A083449FDB11CF69CC41AAA77F4FF5A329F140569E809D7E90E731DA05CB92
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6CB010A1
                                                                                                                                                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 6CB010BF
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6CB010DF
                                                                                                                                                                                                                                          • std::_Facet_Register.LIBCPMT ref: 6CB01196
                                                                                                                                                                                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 6CB011AE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 459529453-0
                                                                                                                                                                                                                                          • Opcode ID: 2db1a4595dc7245878bdc277ac3c77e0eb6a81a4bd65b980f8e3bb870bc291c8
                                                                                                                                                                                                                                          • Instruction ID: 214cd246bfdb4ac6a0a58da5ecf36ec82b00a7bb43aa7df6ab36a71e34a236c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2db1a4595dc7245878bdc277ac3c77e0eb6a81a4bd65b980f8e3bb870bc291c8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3541ED71B452849FCB19CF58C480AAEBFB8FF04718F284169D8069BB81DB34E946CBD1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3136044242-0
                                                                                                                                                                                                                                          • Opcode ID: 777df481179cf39b4e2185db5b789b1c4129e9c14b0247cc247f06d82577446d
                                                                                                                                                                                                                                          • Instruction ID: 86b1563f77e975fe0614a5c971c9562caf76ffa50d38b4355dacdc0fcf72cf95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 777df481179cf39b4e2185db5b789b1c4129e9c14b0247cc247f06d82577446d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02217F72F01695AFDB218E59C840AEF3E69EB81798F01421DFC14D7A50D7318E858BE0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB186FF
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: HeapFree.KERNEL32(00000000,00000000,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?), ref: 6CB0E654
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: GetLastError.KERNEL32(?,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?,?), ref: 6CB0E666
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18711
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18723
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18735
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB18747
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 46c964da6fce967542cbc50f73845b19e22b6bb47eeb822537449501ea1b2ff4
                                                                                                                                                                                                                                          • Instruction ID: b5f96fbc2787ed026c01487ada5bdcefba9b6d97535ccf71bed9de5d35411cde
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46c964da6fce967542cbc50f73845b19e22b6bb47eeb822537449501ea1b2ff4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6EF012317092C49BCA10DA64E5C9C6EBBE9FB127647610806F098D7E00DB3AFC808AE5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • std::locale::_Init.LIBCPMT ref: 6CB01744
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initstd::locale::_
                                                                                                                                                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                          • API String ID: 1620887387-1866435925
                                                                                                                                                                                                                                          • Opcode ID: 8f198191996b4e70676d30fca7d44cf347cba5de82c943cee24e3b91dbdef152
                                                                                                                                                                                                                                          • Instruction ID: 0404d9493fd7489df1b25ef7fec3bcacc75e7616ecc3ef8d124a3ba35c0c5b61
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f198191996b4e70676d30fca7d44cf347cba5de82c943cee24e3b91dbdef152
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1518DB1600685AFEB00CF65C594B9ABBF4FF08308F14852DD9059BB81D7BAE958CBD1
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AdjustPointer
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1740715915-0
                                                                                                                                                                                                                                          • Opcode ID: 00097ace17cb80b5a0943216798ccbfd7502fbe7a174d4b57318c36478665431
                                                                                                                                                                                                                                          • Instruction ID: d93131fc799ab01dfc6b253165c635e0534099e191fb59279e9d91609e69f9a3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 00097ace17cb80b5a0943216798ccbfd7502fbe7a174d4b57318c36478665431
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E510672B05282AFEF158F24D450BAABFB9FF40318F20452EE81557A90F732E944C791
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB1BF6A
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB1BF93
                                                                                                                                                                                                                                          • SetEndOfFile.KERNEL32(00000000,6CB1AA7C,00000000,6CB1AC85,?,?,?,?,?,?,?,6CB1AA7C,6CB1AC85,00000000), ref: 6CB1BFC5
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,6CB1AA7C,6CB1AC85,00000000,?,?,?,?,00000000), ref: 6CB1BFE1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFileLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1547350101-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                            • Part of subcall function 6CB0C778: _free.LIBCMT ref: 6CB0C786
                                                                                                                                                                                                                                            • Part of subcall function 6CB16101: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,6CB139BA,?,00000000,00000000), ref: 6CB161AD
                                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 6CB16494
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB1649B
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6CB164DA
                                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 6CB164E1
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 167067550-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,?,6CB0C305,00000000,00000000,?,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E3F1
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E44E
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E484
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB11863,00000000,00000000,000000FF,?,?), ref: 6CB0E48F
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2283115069-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,6CB0C2B7,6CB1167D,?,?,6CB05F7A,?,?,6CB01732,00000008,6D1D67B9,?,?,?), ref: 6CB0E548
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E5A5
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0E5DB
                                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00000008,000000FF,?,6CB05F7A,?,?,6CB01732,00000008,6D1D67B9,?,?,?,?,6CB014F3,?), ref: 6CB0E5E6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorLast_free
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2283115069-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(6CB0B169,6CB05C4D,00000000,00000000,6CB0B169,?,6CB18121,6CB0B169,00000001,6CB0B169,6CB0B169,?,6CB0F92E,900C408A,?,6CB0B169), ref: 6CB1BABF
                                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,6CB18121,6CB0B169,00000001,6CB0B169,6CB0B169,?,6CB0F92E,900C408A,?,6CB0B169,900C408A,6CB0B169,?,6CB0FE7A,00000010), ref: 6CB1BACB
                                                                                                                                                                                                                                            • Part of subcall function 6CB1BA91: CloseHandle.KERNEL32(FFFFFFFE,6CB1BADB,?,6CB18121,6CB0B169,00000001,6CB0B169,6CB0B169,?,6CB0F92E,900C408A,?,6CB0B169,900C408A,6CB0B169), ref: 6CB1BAA1
                                                                                                                                                                                                                                          • ___initconout.LIBCMT ref: 6CB1BADB
                                                                                                                                                                                                                                            • Part of subcall function 6CB1BA53: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6CB1BA82,6CB1810E,6CB0B169,?,6CB0F92E,900C408A,?,6CB0B169,900C408A), ref: 6CB1BA66
                                                                                                                                                                                                                                          • WriteConsoleW.KERNEL32(6CB0B169,6CB05C4D,00000000,00000000,?,6CB18121,6CB0B169,00000001,6CB0B169,6CB0B169,?,6CB0F92E,900C408A,?,6CB0B169,900C408A), ref: 6CB1BAF0
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2744216297-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0D7FD
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: HeapFree.KERNEL32(00000000,00000000,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?), ref: 6CB0E654
                                                                                                                                                                                                                                            • Part of subcall function 6CB0E63E: GetLastError.KERNEL32(?,?,6CB18988,?,00000000,?,?,?,6CB18C2B,?,00000007,?,?,6CB1785F,?,?), ref: 6CB0E666
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0D810
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0D821
                                                                                                                                                                                                                                          • _free.LIBCMT ref: 6CB0D832
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                                          • Opcode ID: 1ff3145c4559c76113e2c83f0e8948a3f15eda3bf95296b9f2e8ecf14d28ae10
                                                                                                                                                                                                                                          • Instruction ID: b89b4d422a343de6ef8144fd7e4d77102f63f190a6ba244364a592dc57b23741
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ff3145c4559c76113e2c83f0e8948a3f15eda3bf95296b9f2e8ecf14d28ae10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05E0EC75B146E89A8F025F74A9088AE3E72F76A7243450006E45613718DF3E0956DFD5
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6CB0C4ED
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                          • Opcode ID: 8d52ac5c563e73603f48ef121de62e72617146201c31f35ff9ce87123ffcd92d
                                                                                                                                                                                                                                          • Instruction ID: 83aa85b1b9744c6ebcf67df5de31774086f0dc39b6c7613de34df5994473f52b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d52ac5c563e73603f48ef121de62e72617146201c31f35ff9ce87123ffcd92d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9516AA0B5D1C186CB017E54C9513AE7FF4EB41718F304959E4E543E98EF38889D8B9B
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\is-PGNBU.tmp\AdblockInstaller.tmp
                                                                                                                                                                                                                                          • API String ID: 0-3820085865
                                                                                                                                                                                                                                          • Opcode ID: 79d5ec20b7bdcb7504a7837947aa228667bc8b53c009d88b0b8d84240c33337d
                                                                                                                                                                                                                                          • Instruction ID: 39fb51dbded65a1fff8afb4e89dc5149832041c44b1d0beacc561877edf6c524
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79d5ec20b7bdcb7504a7837947aa228667bc8b53c009d88b0b8d84240c33337d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 044191B1B04294AFCB119FA9D880DEEBFFCEB85314F104166E405D7B40EB719A45CBA2
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6CB08BBF
                                                                                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6CB08C73
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                          • String ID: csm
                                                                                                                                                                                                                                          • API String ID: 3480331319-1018135373
                                                                                                                                                                                                                                          • Opcode ID: 2f10a13c57d6222d4de19241b54a6ac0c4c63f0f80e093b9270db4f974de5ee6
                                                                                                                                                                                                                                          • Instruction ID: ea3bef8d409afd782da7efbdb4333dfcf58c116b53a67d7f136667b67dcfaf82
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2f10a13c57d6222d4de19241b54a6ac0c4c63f0f80e093b9270db4f974de5ee6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6541B334B012989FCF10DF68C884ADEBFB5EF45328F108156E918ABB91D732DA45CB91
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6CB094F7
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          • Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                                                                                          • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                          • Opcode ID: 639469e769289212bff3715a08302bb7537455611d600eb18a0afdec959b2dfa
                                                                                                                                                                                                                                          • Instruction ID: a2d1b2c3600bf81214e15498bb3222eb2e60c2adbdd0fbf6133b5879777b7520
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 639469e769289212bff3715a08302bb7537455611d600eb18a0afdec959b2dfa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1415571E00289AFCF06CF95C880AEEBFB5FF48308F148199EA15A7651D3369A50DB52
                                                                                                                                                                                                                                          APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 6CB01A5B
• std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 6CB01AAA
  • Part of subcall function 6CB056F9: _Yarn.LIBCPMT ref: 6CB05718
  • Part of subcall function 6CB056F9: _Yarn.LIBCPMT ref: 6CB0573C
Strings
Memory Dump Source
• Source File: 00000002.00000002.4215726389.000000006CB01000.00000020.00000001.01000000.00000010.sdmp, Offset: 6CB00000, based on PE: true
• Associated: 00000002.00000002.4215660032.000000006CB00000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4215923365.000000006CB1D000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216021475.000000006CB2A000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000002.00000002.4216084532.000000006CB2C000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_6cb00000_AdblockInstaller.jbxd
Similarity
• API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
• String ID: bad locale name
• API String ID: 1908188788-1405518554
• Opcode ID: 73cb1d0639cccd23dd55011e6f306e54bd036ba000aefb0731cbc6975b6be3a9
• Instruction ID: db05b57da1f187cf281fdbaf9884c8f5df43c4fe958f81905e4e287ac88f5e06
• Opcode Fuzzy Hash: 73cb1d0639cccd23dd55011e6f306e54bd036ba000aefb0731cbc6975b6be3a9
• Instruction Fuzzy Hash: 3B118C71904B849ED320CF68C80478BBBE8EB19614F004A1ED49AC3F40D775A5088BA9

Execution Graph

Execution Coverage: 2.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 2.1%
Total number of Nodes: 1819
Total number of Limit Nodes: 35
105739->105740 105804 7ffdfb28e570 42 API calls 3 library calls 105740->105804 105742 7ffdfb2d9aa4 105743 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105742->105743 105744 7ffdfb2d9ab9 105743->105744 105745 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105744->105745 105746 7ffdfb2d9acc 105745->105746 105747 7ffdfb2d9bb1 105746->105747 105805 7ffdfb2959bc 36 API calls 2 library calls 105746->105805 105748 7ffdfb2d9beb 105747->105748 105811 7ffdfb28dc60 36 API calls std::ios_base::~ios_base 105747->105811 105756 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105748->105756 105751 7ffdfb2d9afb 105752 7ffdfb215978 33 API calls 105751->105752 105755 7ffdfb2d9b09 105752->105755 105753 7ffdfb2d9bc4 105812 7ffdfb2d9878 36 API calls 2 library calls 105753->105812 105761 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105755->105761 105758 7ffdfb2d9bff 105756->105758 105757 7ffdfb2d9bcd 105813 7ffdfb28ce0c 36 API calls 2 library calls 105757->105813 105763 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105758->105763 105760 7ffdfb2d9bd8 105764 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105760->105764 105762 7ffdfb2d9b1c 105761->105762 105762->105747 105806 7ffdfb28dc60 36 API calls std::ios_base::~ios_base 105762->105806 105763->105724 105764->105748 105766 7ffdfb2d9b36 105807 7ffdfb28d8ac 33 API calls 105766->105807 105768 7ffdfb2d9b49 105808 7ffdfb28d844 33 API calls 105768->105808 105770 7ffdfb2d9b62 105809 7ffdfb2d9878 36 API calls 2 library calls 105770->105809 105772 7ffdfb2d9b6b 105810 7ffdfb28ce0c 36 API calls 2 library calls 105772->105810 105774 7ffdfb2d9b76 105775 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105774->105775 105776 7ffdfb2d9b89 105775->105776 105777 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105776->105777 105778 7ffdfb2d9b9c 105777->105778 105779 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105778->105779 105779->105747 105780->105694 105781->105710 105783 7ffdfb213904 33 API calls 105782->105783 
105784 7ffdfb3030a0 105783->105784 105785 7ffdfb213904 33 API calls 105784->105785 105786 7ffdfb3030bb 105785->105786 105787 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105786->105787 105788 7ffdfb3030d1 105787->105788 105789 7ffdfb213904 33 API calls 105788->105789 105792 7ffdfb3030e7 105789->105792 105790 7ffdfb303110 105793 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105790->105793 105791 7ffdfb28ded0 37 API calls 105791->105792 105792->105790 105792->105791 105794 7ffdfb303125 105793->105794 105795 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105794->105795 105796 7ffdfb303138 105795->105796 105797 7ffdfb311620 ctype 8 API calls 105796->105797 105798 7ffdfb2d997c 105797->105798 105798->105719 105798->105720 105800 7ffdfb21598f 105799->105800 105801 7ffdfb2159a6 memcpy_s 105799->105801 105800->105801 105802 7ffdfb20a668 std::ios_base::~ios_base 33 API calls 105800->105802 105801->105724 105802->105801 105803->105732 105804->105742 105805->105751 105806->105766 105807->105768 105808->105770 105809->105772 105810->105774 105811->105753 105812->105757 105813->105760 105814->105684 105888 7ffdfb294c88 RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 105815->105888 105817 7ffdfb2904a1 105818 7ffdfb2904bb 105817->105818 105889 7ffdfb30f130 33 API calls 2 library calls 105817->105889 105821 7ffdfb2a0e98 105818->105821 105824 7ffdfb2a0eee 105821->105824 105825 7ffdfb2a0f03 105821->105825 105894 7ffdfb2eb254 36 API calls 105824->105894 105825->105824 105826 7ffdfb2a0f60 105825->105826 105895 7ffdfb2eb718 33 API calls numpunct 105825->105895 105829 7ffdfb2158b0 std::ios_base::~ios_base 36 API calls 105826->105829 105827 7ffdfb2a0efe 105828 7ffdfb2a1032 105827->105828 105834 7ffdfb2a1046 105827->105834 105897 7ffdfb2eb458 40 API calls 2 library calls 105827->105897 105828->105834 105898 7ffdfb2eb2e8 36 API calls std::locale::_Locimp::_New_Locimp 105828->105898 105831 7ffdfb2a0f70 105829->105831 105833 7ffdfb21641c 59 API calls 
105831->105833 105835 7ffdfb2a0fa6 105833->105835 105890 7ffdfb2a2924 105834->105890 105837 7ffdfb28d454 std::ios_base::~ios_base 34 API calls 105835->105837 105839 7ffdfb2a0fae 105837->105839 105841 7ffdfb28d454 std::ios_base::~ios_base 34 API calls 105839->105841 105840 7ffdfb311620 ctype 8 API calls 105842 7ffdfb29ece3 105840->105842 105843 7ffdfb2a0fb8 105841->105843 105842->105662 105842->105663 105842->105664 105844 7ffdfb28d454 std::ios_base::~ios_base 34 API calls 105843->105844 105845 7ffdfb2a0fc2 105844->105845 105896 7ffdfb215b5c 34 API calls 2 library calls 105845->105896 105847 7ffdfb2a0fdb 105848 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105847->105848 105849 7ffdfb2a0fee 105848->105849 105850 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105849->105850 105851 7ffdfb2a1001 105850->105851 105852 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105851->105852 105852->105827 105854 7ffdfb2b3c95 105853->105854 105855 7ffdfb2b3cbf GetProcessDefaultLayout 105854->105855 105856 7ffdfb29ed94 105854->105856 105855->105856 105857 7ffdfb29e8d8 105856->105857 105858 7ffdfb29e90f 105857->105858 105900 7ffdfb2b4b78 105858->105900 105860 7ffdfb29e921 CreateDialogIndirectParamW 105862 7ffdfb29e95f 105860->105862 105882 7ffdfb29e9e2 105860->105882 105864 7ffdfb29e993 105862->105864 105927 7ffdfb296f98 36 API calls 2 library calls 105862->105927 105863 7ffdfb29ea9a 105867 7ffdfb29eabb 105863->105867 105868 7ffdfb29eaab SetWindowTextW 105863->105868 105866 7ffdfb28d454 std::ios_base::~ios_base 34 API calls 105864->105866 105870 7ffdfb29e9a9 105866->105870 105905 7ffdfb2a7588 105867->105905 105868->105867 105872 7ffdfb28d454 std::ios_base::~ios_base 34 API calls 105870->105872 105873 7ffdfb29e9b2 105872->105873 105928 7ffdfb28fc4c 36 API calls 2 library calls 105873->105928 105875 7ffdfb29e9ca 105929 7ffdfb215b5c 34 API calls 2 library calls 105875->105929 105877 7ffdfb29eb07 SetWindowPos 105881 7ffdfb29e9db 105877->105881 105878 7ffdfb29eb34 MoveWindow 
105878->105881 105880 7ffdfb29ea5f 105883 7ffdfb29ea91 105880->105883 105885 7ffdfb29ea76 SendMessageW 105880->105885 105881->105673 105882->105863 105930 7ffdfb2c6030 38 API calls std::ios_base::~ios_base 105882->105930 105931 7ffdfb215e58 36 API calls std::ios_base::~ios_base 105883->105931 105885->105883 105886->105656 105887->105673 105888->105817 105891 7ffdfb2a10b0 105890->105891 105892 7ffdfb2a293e 105890->105892 105891->105840 105892->105891 105899 7ffdfb296f98 36 API calls 2 library calls 105892->105899 105894->105827 105895->105825 105896->105847 105897->105828 105898->105834 105899->105891 105901 7ffdfb2b4b87 105900->105901 105902 7ffdfb2b4b8f 105900->105902 105901->105860 105903 7ffdfb2b4bac GetActiveWindow 105902->105903 105904 7ffdfb2b4bb7 105902->105904 105903->105904 105904->105860 105906 7ffdfb2a7609 IsWindow 105905->105906 105907 7ffdfb2a75c4 105905->105907 105908 7ffdfb2a7726 105906->105908 105909 7ffdfb2a761a 105906->105909 105907->105906 105932 7ffdfb296f98 36 API calls 2 library calls 105907->105932 105919 7ffdfb2a7723 105908->105919 105937 7ffdfb296f98 36 API calls 2 library calls 105908->105937 105933 7ffdfb2aac80 36 API calls 2 library calls 105909->105933 105912 7ffdfb2a762c GetWindowLongPtrW 105934 7ffdfb2a7884 37 API calls 2 library calls 105912->105934 105914 7ffdfb311620 ctype 8 API calls 105917 7ffdfb29eaca 105914->105917 105915 7ffdfb2a75f8 105915->105906 105917->105877 105917->105878 105918 7ffdfb2a7649 105920 7ffdfb2a764d SetWindowLongPtrW GetWindowLongW 105918->105920 105923 7ffdfb2a7687 105918->105923 105919->105914 105921 7ffdfb2a767b 105920->105921 105920->105923 105935 7ffdfb2a6278 GetWindowLongPtrW SetWindowLongPtrW 105921->105935 105924 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105923->105924 105925 7ffdfb2a770e 105924->105925 105936 7ffdfb2bf0d8 36 API calls std::ios_base::~ios_base 105925->105936 105927->105864 105928->105875 105929->105881 105930->105880 105931->105863 105932->105915 105933->105912 105934->105918 
105935->105923 105936->105919 105937->105919 105938->105520 105939->105522 105941 7ffdfb313721 105940->105941 105942 7ffdfb3136e7 105940->105942 105945 7ffdfb313cc4 _CxxThrowException 2 API calls 105941->105945 105943 7ffdfb3136f6 RtlPcToFileHeader 105942->105943 105946 7ffdfb31370b 105942->105946 105943->105946 105944 7ffdfb219372 105944->105417 105945->105946 105946->105944 105947 7ffdfb313cc4 _CxxThrowException 2 API calls 105946->105947 105948 7ffdfb313766 105947->105948 105949 7ffdfb313cc4 _CxxThrowException 2 API calls 105948->105949 105950 7ffdfb313789 105949->105950 105975 7ffdfb207510 105951->105975 105953 7ffdfb207275 105954 7ffdfb207510 33 API calls 105953->105954 105955 7ffdfb20728b 105954->105955 105956 7ffdfb207510 33 API calls 105955->105956 105957 7ffdfb2072a1 105956->105957 105958 7ffdfb207510 33 API calls 105957->105958 105959 7ffdfb2072b7 105958->105959 105960 7ffdfb207510 33 API calls 105959->105960 105961 7ffdfb2072d3 105960->105961 105962 7ffdfb207510 33 API calls 105961->105962 105963 7ffdfb2072ef 105962->105963 105964 7ffdfb207510 33 API calls 105963->105964 105965 7ffdfb20730b 105964->105965 105966 7ffdfb207510 33 API calls 105965->105966 105967 7ffdfb207327 105966->105967 105968 7ffdfb207510 33 API calls 105967->105968 105969 7ffdfb207343 105968->105969 105970 7ffdfb207510 33 API calls 105969->105970 105971 7ffdfb20735f 105970->105971 105972 7ffdfb207510 33 API calls 105971->105972 105973 7ffdfb20737b 105972->105973 105973->105423 105974->105419 105976 7ffdfb207535 105975->105976 105977 7ffdfb207577 105976->105977 105978 7ffdfb2075a1 105976->105978 105980 7ffdfb20753e memcpy_s 105976->105980 105979 7ffdfb311644 std::locale::_Locimp::_New_Locimp 4 API calls 105977->105979 105978->105980 105982 7ffdfb311644 std::locale::_Locimp::_New_Locimp 4 API calls 105978->105982 105981 7ffdfb20758b 105979->105981 105980->105953 105981->105980 105983 7ffdfb31f118 _invalid_parameter_noinfo_noreturn 31 API calls 105981->105983 105982->105980 105984 
7ffdfb2075e4 105983->105984 105984->105953 105986 7ffdfb21517b 105985->105986 105988 7ffdfb215192 memcpy_s 105985->105988 105986->105988 105989 7ffdfb207a84 33 API calls 5 library calls 105986->105989 105988->105427 105989->105988 105990->105457 105991->105460 105992->105468 105993->105471 105994->105475 105050 7ffdfb217a5e 105051 7ffdfb217b19 105050->105051 105053 7ffdfb217a77 ctype 105050->105053 105052 7ffdfb31f118 _invalid_parameter_noinfo_noreturn 31 API calls 105051->105052 105054 7ffdfb217b1e 105052->105054 105055 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 105053->105055 105056 7ffdfb217ab3 105055->105056 105061 7ffdfb2c05bc 105056->105061 105058 7ffdfb217ae8 105059 7ffdfb2c0a18 41 API calls 105058->105059 105060 7ffdfb217af1 ctype 105059->105060 105064 7ffdfb2c07cc 36 API calls 105061->105064 105063 7ffdfb2c05dd 105064->105063 104628 7ffdfb209f80 104637 7ffdfb219004 EnterCriticalSection 104628->104637 104630 7ffdfb209f94 104631 7ffdfb311644 std::locale::_Locimp::_New_Locimp RtlPcToFileHeader RaiseException EnterCriticalSection LeaveCriticalSection 104630->104631 104632 7ffdfb209f9e fread_s 104631->104632 104633 7ffdfb215478 45 API calls 104632->104633 104634 7ffdfb209fc3 104633->104634 104635 7ffdfb21560c 38 API calls 104634->104635 104636 7ffdfb209fd5 104635->104636 104638 7ffdfb219072 104637->104638 104639 7ffdfb219038 104637->104639 104689 7ffdfb2184d0 36 API calls 2 library calls 104638->104689 104647 7ffdfb311644 104639->104647 104642 7ffdfb219087 LeaveCriticalSection 104648 7ffdfb31164f 104647->104648 104649 7ffdfb219042 104648->104649 104651 7ffdfb31166e 104648->104651 104690 7ffdfb333f60 EnterCriticalSection LeaveCriticalSection std::locale::_Locimp::_New_Locimp 104648->104690 104656 7ffdfb215478 CreateEventW 104649->104656 104652 7ffdfb311679 104651->104652 104691 7ffdfb30f110 RtlPcToFileHeader RaiseException std::bad_alloc::bad_alloc _CxxThrowException 104651->104691 104692 7ffdfb3123b4 RtlPcToFileHeader RaiseException 
std::bad_alloc::bad_alloc _CxxThrowException 104652->104692 104657 7ffdfb2154cd CreateEventW 104656->104657 104676 7ffdfb215550 104656->104676 104658 7ffdfb21556e 104657->104658 104659 7ffdfb2154ea 104657->104659 104661 7ffdfb213e30 36 API calls 104658->104661 104693 7ffdfb327b4c 104659->104693 104660 7ffdfb213e30 36 API calls 104663 7ffdfb21555d 104660->104663 104664 7ffdfb21557b 104661->104664 104666 7ffdfb313cc4 _CxxThrowException 2 API calls 104663->104666 104667 7ffdfb313cc4 _CxxThrowException 2 API calls 104664->104667 104666->104658 104670 7ffdfb21558c 104667->104670 104668 7ffdfb215533 104713 7ffdfb213e30 GetLastError 104668->104713 104669 7ffdfb215513 104711 7ffdfb215420 SleepEx RaiseException 104669->104711 104676->104660 104677 7ffdfb21560c 104678 7ffdfb21561e ResumeThread 104677->104678 104679 7ffdfb21563b 104677->104679 104680 7ffdfb215658 104678->104680 104681 7ffdfb21562b WaitForSingleObject 104678->104681 104682 7ffdfb213e30 36 API calls 104679->104682 104684 7ffdfb213e30 36 API calls 104680->104684 104681->104679 104683 7ffdfb215647 104682->104683 104686 7ffdfb313cc4 _CxxThrowException 2 API calls 104683->104686 104685 7ffdfb215665 104684->104685 104687 7ffdfb313cc4 _CxxThrowException 2 API calls 104685->104687 104686->104680 104688 7ffdfb215676 104687->104688 104689->104642 104690->104648 104694 7ffdfb327b65 104693->104694 104695 7ffdfb327b7c 104693->104695 104743 7ffdfb32776c 15 API calls _invalid_parameter_noinfo 104694->104743 104736 7ffdfb327aec 104695->104736 104698 7ffdfb327b6a 104744 7ffdfb31f0f8 31 API calls _invalid_parameter_noinfo 104698->104744 104701 7ffdfb327b8f CreateThread 104702 7ffdfb327bbf GetLastError 104701->104702 104705 7ffdfb327bcc 104701->104705 104745 7ffdfb3276fc 15 API calls 2 library calls 104702->104745 104704 7ffdfb21550a 104704->104668 104704->104669 104705->104704 104706 7ffdfb327be2 104705->104706 104707 7ffdfb327bdc CloseHandle 104705->104707 104708 7ffdfb327bf1 104706->104708 104709 7ffdfb327beb FreeLibrary 
104706->104709 104707->104706 104746 7ffdfb334e74 104708->104746 104709->104708 104712 7ffdfb21546b 104711->104712 104712->104677 104714 7ffdfb213ee5 FormatMessageA 104713->104714 104719 7ffdfb213e97 104713->104719 104715 7ffdfb213f10 104714->104715 104716 7ffdfb213f33 104714->104716 104721 7ffdfb2073b4 33 API calls 104715->104721 104762 7ffdfb312e50 104716->104762 104718 7ffdfb213f69 104722 7ffdfb213fa5 ctype 104718->104722 104728 7ffdfb213fda 104718->104728 104723 7ffdfb213eae memcpy_s 104719->104723 104775 7ffdfb207a84 33 API calls 5 library calls 104719->104775 104725 7ffdfb213f29 LocalFree 104721->104725 104766 7ffdfb311620 104722->104766 104776 7ffdfb2073b4 104723->104776 104725->104716 104780 7ffdfb31f118 104728->104780 104731 7ffdfb313cc4 104732 7ffdfb313d2a RtlPcToFileHeader 104731->104732 104733 7ffdfb313d0d 104731->104733 104734 7ffdfb313d5d RaiseException 104732->104734 104735 7ffdfb313d4c 104732->104735 104733->104732 104734->104676 104735->104734 104752 7ffdfb334dfc 104736->104752 104739 7ffdfb334e74 __free_lconv_num 15 API calls 104740 7ffdfb327b18 104739->104740 104741 7ffdfb327b1f GetModuleHandleExW 104740->104741 104742 7ffdfb327b39 104740->104742 104741->104742 104742->104701 104742->104705 104743->104698 104744->104704 104745->104705 104747 7ffdfb334e79 HeapFree 104746->104747 104749 7ffdfb334ea9 __free_lconv_num 104746->104749 104748 7ffdfb334e94 104747->104748 104747->104749 104761 7ffdfb32776c 15 API calls _invalid_parameter_noinfo 104748->104761 104749->104704 104751 7ffdfb334e99 GetLastError 104751->104749 104753 7ffdfb334e0d std::_Locinfo::_Locinfo_ctor 104752->104753 104754 7ffdfb334e42 HeapAlloc 104753->104754 104755 7ffdfb334e5e 104753->104755 104759 7ffdfb333f60 EnterCriticalSection LeaveCriticalSection std::locale::_Locimp::_New_Locimp 104753->104759 104754->104753 104756 7ffdfb327b0e 104754->104756 104760 7ffdfb32776c 15 API calls _invalid_parameter_noinfo 104755->104760 104756->104739 104759->104753 104760->104756 104761->104751 
104763 7ffdfb312ea6 104762->104763 104764 7ffdfb312e71 104762->104764 104763->104718 104764->104763 104785 7ffdfb334bf0 31 API calls 2 library calls 104764->104785 104767 7ffdfb31162a 104766->104767 104768 7ffdfb213fc3 104767->104768 104769 7ffdfb311f1c IsProcessorFeaturePresent 104767->104769 104768->104731 104770 7ffdfb311f33 104769->104770 104786 7ffdfb312110 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 104770->104786 104772 7ffdfb311f46 104787 7ffdfb311ee8 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 104772->104787 104775->104723 104777 7ffdfb207403 104776->104777 104779 7ffdfb2073d9 memcpy_s 104776->104779 104788 7ffdfb207910 33 API calls 5 library calls 104777->104788 104779->104714 104789 7ffdfb31f050 31 API calls 2 library calls 104780->104789 104782 7ffdfb31f131 104790 7ffdfb31f148 16 API calls _invalid_parameter_noinfo_noreturn 104782->104790 104785->104763 104786->104772 104788->104779 104789->104782 106529 7ffdfb212de0 106530 7ffdfb207484 numpunct 33 API calls 106529->106530 106531 7ffdfb212e32 106530->106531 106564 7ffdfb212cc8 EnterCriticalSection 106531->106564 106534 7ffdfb212be4 35 API calls 106535 7ffdfb212e59 106534->106535 106574 7ffdfb21168c 33 API calls memcpy_s 106535->106574 106537 7ffdfb212e6d 106575 7ffdfb213990 33 API calls 106537->106575 106539 7ffdfb212eae 106576 7ffdfb21168c 33 API calls memcpy_s 106539->106576 106541 7ffdfb212ec2 106577 7ffdfb213990 33 API calls 106541->106577 106543 7ffdfb212f04 106544 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106543->106544 106545 7ffdfb212f16 106544->106545 106546 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106545->106546 106547 7ffdfb212f20 106546->106547 106548 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106547->106548 106549 7ffdfb212f2b 106548->106549 106550 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106549->106550 106551 7ffdfb212f35 106550->106551 106552 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 
106551->106552 106553 7ffdfb212f3f 106552->106553 106554 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106553->106554 106555 7ffdfb212f49 106554->106555 106556 7ffdfb212f7e ctype 106555->106556 106558 7ffdfb212fd2 106555->106558 106578 7ffdfb21168c 33 API calls memcpy_s 106556->106578 106560 7ffdfb31f118 _invalid_parameter_noinfo_noreturn 31 API calls 106558->106560 106559 7ffdfb212fab 106561 7ffdfb311620 ctype 8 API calls 106559->106561 106562 7ffdfb212fd7 106560->106562 106563 7ffdfb212fba 106561->106563 106565 7ffdfb212d17 106564->106565 106566 7ffdfb212d69 106564->106566 106569 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106565->106569 106567 7ffdfb213904 33 API calls 106566->106567 106568 7ffdfb212d80 LeaveCriticalSection 106567->106568 106570 7ffdfb311620 ctype 8 API calls 106568->106570 106571 7ffdfb212d34 106569->106571 106572 7ffdfb212d9a 106570->106572 106573 7ffdfb20a1bc std::ios_base::~ios_base 31 API calls 106571->106573 106572->106534 106573->106566 106574->106537 106575->106539 106576->106541 106577->106543 106578->106559 105065 7ffdfa881000 105068 7ffdfa88f490 105065->105068 105073 7ffdfa9001b4 105068->105073 105071 7ffdfa881010 105074 7ffdfa9001ce malloc 105073->105074 105075 7ffdfa88f4a7 105074->105075 105076 7ffdfa9001bf 105074->105076 105075->105071 105080 7ffdfa88f4d0 105075->105080 105076->105074 105077 7ffdfa9001de 105076->105077 105078 7ffdfa9001e9 Concurrency::cancel_current_task 105077->105078 105147 7ffdfa90136c _CxxThrowException std::bad_alloc::bad_alloc 105077->105147 105148 7ffdfa8f76c0 105080->105148 105082 7ffdfa88fe8f 105202 7ffdfa88ffc0 _CxxThrowException Concurrency::cancel_current_task 105082->105202 105085 7ffdfa88f567 105087 7ffdfa9001b4 std::_Facet_Register 2 API calls 105085->105087 105088 7ffdfa88f583 shared_ptr 105087->105088 105090 7ffdfa88f5fb shared_ptr 105088->105090 105160 7ffdfa8f7910 105088->105160 105091 7ffdfa88f7ac 105090->105091 105092 7ffdfa88f68f 105090->105092 105093 7ffdfa88f8a4 105091->105093 
105096 7ffdfa88f7d4 GetCurrentThreadId 105091->105096 105095 7ffdfa88f6a2 GetCurrentThreadId 105092->105095 105143 7ffdfa88f769 105092->105143 105094 7ffdfa9001b4 std::_Facet_Register 2 API calls 105093->105094 105098 7ffdfa88f8c4 105094->105098 105169 7ffdfa882ab0 105095->105169 105100 7ffdfa882ab0 shared_ptr 3 API calls 105096->105100 105166 7ffdfa8d6430 GetProcAddress 105098->105166 105104 7ffdfa88f814 _ftime64 105100->105104 105103 7ffdfa88f6d7 _ftime64 105172 7ffdfa8830e0 105103->105172 105107 7ffdfa8830e0 shared_ptr 31 API calls 105104->105107 105105 7ffdfa88f90d 105108 7ffdfa88f958 105105->105108 105113 7ffdfa88f951 _invalid_parameter_noinfo_noreturn 105105->105113 105110 7ffdfa88f884 shared_ptr 105107->105110 105111 7ffdfa88fa40 shared_ptr 105108->105111 105114 7ffdfa88f993 GetCurrentThreadId 105108->105114 105108->105143 105109 7ffdfa88f74f shared_ptr 105186 7ffdfa882ed0 105109->105186 105115 7ffdfa882ed0 shared_ptr 6 API calls 105110->105115 105112 7ffdfa88fb43 105111->105112 105116 7ffdfa88fa73 GetCurrentThreadId 105111->105116 105146 7ffdfa5d8670 334 API calls 105112->105146 105113->105108 105118 7ffdfa882ab0 shared_ptr ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105114->105118 105115->105093 105120 7ffdfa882ab0 shared_ptr ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105116->105120 105121 7ffdfa88f9d1 _ftime64 105118->105121 105119 7ffdfa88fb45 105124 7ffdfa88fb63 GetCurrentThreadId 105119->105124 105126 7ffdfa88fc33 105119->105126 105122 7ffdfa88fab3 _ftime64 105120->105122 105123 7ffdfa8830e0 shared_ptr 31 API calls 105121->105123 105125 7ffdfa8830e0 shared_ptr 31 API calls 105122->105125 105123->105111 105127 
7ffdfa882ab0 shared_ptr ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105124->105127 105128 7ffdfa88fb23 shared_ptr 105125->105128 105129 7ffdfa88fc58 GetCurrentThreadId 105126->105129 105139 7ffdfa88fd08 shared_ptr 105126->105139 105126->105143 105130 7ffdfa88fba3 _ftime64 105127->105130 105133 7ffdfa882ed0 shared_ptr 6 API calls 105128->105133 105131 7ffdfa882ab0 shared_ptr ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105129->105131 105132 7ffdfa8830e0 shared_ptr 31 API calls 105130->105132 105134 7ffdfa88fc98 _ftime64 105131->105134 105135 7ffdfa88fc13 shared_ptr 105132->105135 105133->105112 105136 7ffdfa8830e0 shared_ptr 31 API calls 105134->105136 105141 7ffdfa882ed0 shared_ptr 6 API calls 105135->105141 105136->105139 105137 7ffdfa88fd59 GetCurrentThreadId 105138 7ffdfa882ab0 shared_ptr ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105137->105138 105140 7ffdfa88fd99 _ftime64 105138->105140 105139->105137 105139->105143 105142 7ffdfa8830e0 shared_ptr 31 API calls 105140->105142 105141->105126 105144 7ffdfa88fe09 shared_ptr 105142->105144 105193 7ffdfa900310 105143->105193 105145 7ffdfa882ed0 shared_ptr 6 API calls 105144->105145 105145->105143 105146->105119 105147->105078 105149 7ffdfa8f7707 105148->105149 105150 7ffdfa8f78d3 105148->105150 105153 7ffdfa88f52c 105149->105153 105203 7ffdfa901cb0 105149->105203 105208 7ffdfa900864 5 API calls shared_ptr 105150->105208 105153->105082 105153->105085 105155 7ffdfa9001b4 std::_Facet_Register 2 API calls 105158 
7ffdfa8f77c9 shared_ptr 105155->105158 105207 7ffdfa8f7230 malloc _CxxThrowException std::_Facet_Register 105158->105207 105161 7ffdfa8f7962 105160->105161 105242 7ffdfa8d6370 105161->105242 105164 7ffdfa8f7a0b _invalid_parameter_noinfo_noreturn 105165 7ffdfa8f79e5 105165->105090 105167 7ffdfa8d6455 GetLastError 105166->105167 105168 7ffdfa8d6451 105166->105168 105167->105168 105170 7ffdfa882aee ??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N ??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA 105169->105170 105171 7ffdfa882ace ??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA 105169->105171 105170->105103 105171->105170 105173 7ffdfa883120 105172->105173 105173->105173 105254 7ffdfa882b60 105173->105254 105175 7ffdfa883139 105176 7ffdfa88314f MultiByteToWideChar 105175->105176 105177 7ffdfa883186 105175->105177 105176->105177 105178 7ffdfa8831a2 105176->105178 105267 7ffdfa882650 105177->105267 105178->105177 105280 7ffdfa882910 13 API calls 3 library calls 105178->105280 105182 7ffdfa900310 shared_ptr 8 API calls 105184 7ffdfa88325e 105182->105184 105183 7ffdfa88324c 105183->105182 105184->105109 105185 7ffdfa883245 _invalid_parameter_noinfo_noreturn 105185->105183 105283 7ffdfa883500 _invalid_parameter_noinfo_noreturn 105186->105283 105189 7ffdfa882f91 ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA 105190 7ffdfa882faa _invalid_parameter_noinfo_noreturn 105189->105190 105192 7ffdfa882fd8 105190->105192 105191 7ffdfa882eef 105191->105190 105284 7ffdfa882db0 ??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA _invalid_parameter_noinfo_noreturn 105191->105284 105192->105143 105194 7ffdfa900319 105193->105194 105195 7ffdfa9009a8 IsProcessorFeaturePresent 105194->105195 105196 7ffdfa88fe6e 105194->105196 105197 7ffdfa9009c0 105195->105197 105196->105071 105285 7ffdfa900b9c RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4225874142.00007FFDF9EA1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDF9EA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdf9ea0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentThread$ErrorLast$AllocateCheckCounterFormatFreeInitializeMembershipMessagePerformanceQueryToken
                                                                                                                                                                                                                                          • String ID: %s:[tid %lu][%.06fs - %s:%d]$%s:[tid %lu][%.06fs - %s:%d]%s$%s:[tid %lu][%.06fs - %s:%d]OS error %d$%s:[tid %lu][%.06fs - %s:%d]OS error: %d %s$C:\dvs\p4\build\sw\rel\gpu_drv\r450\r451_65\apps\nvml\win.c$ERROR$INFO$is not
                                                                                                                                                                                                                                          • API String ID: 3061900056-2620382917
                                                                                                                                                                                                                                          • Opcode ID: 8993b719029f425c37ceca3a005ddc76c55bad428e75ae25a7a61ad1e814a569
                                                                                                                                                                                                                                          • Instruction ID: db9859e4b05956d5bac21773af235d39804670005747852866d63169cc63671d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8993b719029f425c37ceca3a005ddc76c55bad428e75ae25a7a61ad1e814a569
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9ED15D31F1CA4685E7109F20B861ABA73A0BF5536CF015376E96E925ADEF3CE1858701

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4225874142.00007FFDF9EA1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDF9EA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdf9ea0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentThread$ConditionMask$CloseErrorHandleLast$ControlCounterCreateDeviceFileFormatInfoMessagePerformanceQueryVerifyVersion
                                                                                                                                                                                                                                          • String ID: %s:[tid %lu][%.06fs - %s:%d]$%s:[tid %lu][%.06fs - %s:%d]OS error %d$%s:[tid %lu][%.06fs - %s:%d]OS error: %d %s$C:\dvs\p4\build\sw\rel\gpu_drv\r450\r451_65\apps\nvml\win.c$ERROR$\\.\NvAdminDevice$d
                                                                                                                                                                                                                                          • API String ID: 905671026-3331120073
                                                                                                                                                                                                                                          • Opcode ID: 8e025a0352fac1caeb2801bb0602051fd7312b4fb17105d4048a997871cbcbc5
                                                                                                                                                                                                                                          • Instruction ID: 63057dbc31a303e2b41eeec355cec21d94a3e72ddf83509236a2f112d7e6e935
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e025a0352fac1caeb2801bb0602051fd7312b4fb17105d4048a997871cbcbc5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65D14E21F1CA4685E7208F20BC61EBA7290BF9536CF555371D96E926EDEF3CE1848701
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$Window$CurrentForegroundOpenThreadmalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 789327894-0
                                                                                                                                                                                                                                          • Opcode ID: 937775ddef0b002b37e017288ef84546f2489adaf6212b744b1c7808a94c67de
                                                                                                                                                                                                                                          • Instruction ID: 8e0f0bc3d2b034c06b4b0e3f9f5cd89edeb50f8423792c11ead29516d6491a16
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 937775ddef0b002b37e017288ef84546f2489adaf6212b744b1c7808a94c67de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AD61AF32B14B4186EB599B25D4547A9B3A0FF89B80F088272DB5E47398EF7CE895C740
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000003.2068353072.00000215A50CF000.00000004.00000800.00020000.00000000.sdmp, Offset: 00000215A50CF000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_3_215a50cf000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b22de79b66695ab1a0630c672fb3126ae935f56ca963db9d9d6ba055d3bb105a
                                                                                                                                                                                                                                          • Instruction ID: d7c12e9c985528b14d7ed7b76982b42f4bee1453e9fe69e13beb53441c50fa1a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b22de79b66695ab1a0630c672fb3126ae935f56ca963db9d9d6ba055d3bb105a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AE25670A79E488FEB98DB2C901DB647BD1FFA9304F544ADAE04DCB2D2DA61CC418752

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00007FFDFA88F6B4
                                                                                                                                                                                                                                          • _ftime64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFA88F738
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8830E0: MultiByteToWideChar.KERNEL32 ref: 00007FFDFA883173
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8830E0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFA883245
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA882ED0: ??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ.MSVCP140 ref: 00007FFDFA882F95
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFA88FE8F
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ??1?$basic_ostream@_ByteCharConcurrency::cancel_current_taskCurrentMultiThreadU?$char_traits@_W@std@@@std@@Wide_ftime64_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                          • String ID: MiningSysInfo::Impl::Impl$SysGpuInfoEx.dll$can't find sysGpuInfoGetInstance$can't load SysGpuInfoEx$gpu dll loader$gpu fnc founded$inst ok$invoke failure in minerGetInstance$tance$using old version of gpu info, some features may not work
                                                                                                                                                                                                                                          • API String ID: 2893298658-2005880185
                                                                                                                                                                                                                                          • Opcode ID: e8265a531e505751e5e62878a62924a1118a3e954736a343c93e2e6d35e1b32d
                                                                                                                                                                                                                                          • Instruction ID: 2a66cdb553fed125f29eaccea7ffc4c5d2155ec844116e9df3ff590f17a16531
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8265a531e505751e5e62878a62924a1118a3e954736a343c93e2e6d35e1b32d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA426C36A14BC289E764DF20ECA07E933A4FB44748F548175CA5C8BAADDF78DA48D740

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4225874142.00007FFDF9EA1000.00000020.00000001.01000000.00000016.sdmp, Offset: 00007FFDF9EA0000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdf9ea0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CurrentThread$CounterPerformanceQuery
                                                                                                                                                                                                                                          • String ID: %s:[tid %lu][%.06fs - %s:%d]$%s:[tid %lu][%.06fs - %s:%d]Returning %d (%s)$DEBUG$INFO$Unknown Error${$7U$8t$Ft
                                                                                                                                                                                                                                          • API String ID: 1058255813-3583968771
                                                                                                                                                                                                                                          • Opcode ID: b06cf30791b8a018038f0eface54c1596a95ae8c42ffd22b9458740d1eabd2a6
                                                                                                                                                                                                                                          • Instruction ID: a1f3a1d4d99ab51fdc3201c329b7c89755332fdf07fe7131289bc4637b598d3f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b06cf30791b8a018038f0eface54c1596a95ae8c42ffd22b9458740d1eabd2a6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41517621F1CA0785F711DF20BCA0A757291AFA5368F155371D92E926EEEF3CE1859302
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: CompletionCreateErrorLastPort
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 826170474-0
                                                                                                                                                                                                                                          • Opcode ID: 19944a120fb4e48204781fdbd9230a49dbe43a8a292fcdaab0f8f1b74fe701d4
                                                                                                                                                                                                                                          • Instruction ID: 59f0fb6e774402feb17c04078f273480205abbdd3bf8f938b502bd3f384af042
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19944a120fb4e48204781fdbd9230a49dbe43a8a292fcdaab0f8f1b74fe701d4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E51A236704B9181E7589F34E460AAE33A4FB44B98F984178DEAD877D9EF38D491C740
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BADDA
                                                                                                                                                                                                                                          • _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BAEED
                                                                                                                                                                                                                                          • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FFDFA8BAF04
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BAAD0: _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000090,00000001,00000020,00007FFDFA8BAE31,?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BAC4F
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BAAD0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFA8BAC5C
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BAAD0: _Cnd_do_broadcast_at_thread_exit.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BAC7E
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Cnd_do_broadcast_at_thread_exitConcurrency::cancel_current_task_beginthreadex_invalid_parameter_noinfo_noreturnmemcpyterminate
                                                                                                                                                                                                                                          • String ID: n/a
                                                                                                                                                                                                                                          • API String ID: 704501403-2510378651
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Query_perf_frequency.MSVCP140(?,?,?,?,?,?,00000040,00007FFDFA8A8409), ref: 00007FFDFA8A842C
                                                                                                                                                                                                                                          • _Query_perf_counter.MSVCP140(?,?,?,?,?,?,00000040,00007FFDFA8A8409), ref: 00007FFDFA8A8434
                                                                                                                                                                                                                                          • _Query_perf_frequency.MSVCP140(?,?,?,?,?,?,00000040,00007FFDFA8A8409), ref: 00007FFDFA8A8481
                                                                                                                                                                                                                                          • _Query_perf_counter.MSVCP140(?,?,?,?,?,?,00000040,00007FFDFA8A8409), ref: 00007FFDFA8A8489
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Query_perf_counterQuery_perf_frequency
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1664922221-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000090,00000001,00000020,00007FFDFA8BAE31,?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BAC4F
                                                                                                                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00007FFDFA8BAC5C
                                                                                                                                                                                                                                          • _Cnd_do_broadcast_at_thread_exit.MSVCP140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FFDFA8BAD19), ref: 00007FFDFA8BAC7E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Cnd_do_broadcast_at_thread_exitConcurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4046612842-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: ByteCharErrorFreeLastLibraryLoadLocalMultiWide
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2804137622-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • GetAsyncKeyState.USER32 ref: 00007FFDFA8BB2E4
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BB430: GetForegroundWindow.USER32 ref: 00007FFDFA8BB463
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BB430: GetWindowThreadProcessId.USER32 ref: 00007FFDFA8BB482
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BB430: GetCurrentProcessId.KERNEL32 ref: 00007FFDFA8BB493
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA8BB430: OpenProcess.KERNEL32 ref: 00007FFDFA8BB4BB
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Process$Window$AsyncCurrentForegroundOpenStateThread
                                                                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                                                                          • API String ID: 1542105112-2564639436
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _Init_thread_footer.LIBCMT ref: 00007FFDFA8F78FF
                                                                                                                                                                                                                                            • Part of subcall function 00007FFDFA9001B4: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDFA88F4A7,?,?,?,00007FFDFA881010), ref: 00007FFDFA9001CE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Init_thread_footermalloc
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3982718307-0
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • _invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,00007FFDFA88F5FB), ref: 00007FFDFA8F7A0B
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4226484829.00007FFDFA881000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFDFA880000, based on PE: true
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffdfa880000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: _invalid_parameter_noinfo_noreturn
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3668304517-0
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: H
                                                                                                                                                                                                                                          • API String ID: 0-2852464175
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
Memory Dump Source
• Source File: 00000008.00000002.4210551862.00000215A50CB000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50CB000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
Memory Dump Source
• Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 82854659077a403154c91352e67258b60cd05d316a83919bf3f4aa9c8f4bb155
                                                                                                                                                                                                                                          • Instruction ID: 65ef82b6d60f4c9da7be50eb425ce1846e6a58b2c120983f7587d1b048a00374
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82854659077a403154c91352e67258b60cd05d316a83919bf3f4aa9c8f4bb155
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8FE0173244DE8C5FF626A2E9385B5E87F90DA5623074806CFC448CB8A7E8161896D3C6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210551862.00000215A50CB000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50CB000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50cb000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 803719448d83129ab018221a30d9c9ba56daf0cbd796a1489bc30e913d1307e9
                                                                                                                                                                                                                                          • Instruction ID: 71191f88c4403e9644c4740e5e972b551c9154474375993c929166bbff037463
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 803719448d83129ab018221a30d9c9ba56daf0cbd796a1489bc30e913d1307e9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6F0E5B025CE489FC784DF299808E993BD0FFA9300F81059EB048C3292D620DC408B05
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fd07b850c0e7a4064d8f97c91efd8253bc26b5085f1157966e02071fc49435a0
                                                                                                                                                                                                                                          • Instruction ID: 7f29e6ec31931cae0b118136a32bb90370f5a96375b9145b3fbe9b813d9e8624
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fd07b850c0e7a4064d8f97c91efd8253bc26b5085f1157966e02071fc49435a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11D0C73388CE4C4EFA18E1C838278E8BBA4C612234B1001CBC81CC6882F40609A0D1C2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d9ab6faed6957012442968f207a1574db8ed53424f54fc14023f3fba5a9c370c
                                                                                                                                                                                                                                          • Instruction ID: 0746718d339814f33dffc52d69df119b101c1e0f53a1ad58a68c7501d6d9c6a5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d9ab6faed6957012442968f207a1574db8ed53424f54fc14023f3fba5a9c370c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AE0123644DEDC5EF715D3E434564E47F50DD5622074805CBC85CC64A7D44555D5D283
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b67f8deca5900d59b402f8dd5b78b6e063673f58ea4ac81da7ac316401196ef1
                                                                                                                                                                                                                                          • Instruction ID: 748b5eff296168856ae7ad9d6c16e3337c9713acb7143e9fad616d8cdb259849
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b67f8deca5900d59b402f8dd5b78b6e063673f58ea4ac81da7ac316401196ef1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCE0123245DE9C0EF655D2E834165E47F90C95213074805CBC45CC7897E406189591C6
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bbc14a7d4f0ff56c117d399a924b92885147bf4a5caf276663f3053c42b223ce
                                                                                                                                                                                                                                          • Instruction ID: 4a8947dba2a0064dba89db361d0cba7b59488c8a54b01119747a46234246ae66
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbc14a7d4f0ff56c117d399a924b92885147bf4a5caf276663f3053c42b223ce
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31E05B3345DEDC0FF655D2E834165E47F90C95213474805CFC45CC7897E4061895D1C7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4218639470.00000215A5950000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A5950000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a5950000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a53e605bffd5961747e431f9f6c37a9d6e68e37298f2dceed7d959859a3b37bd
                                                                                                                                                                                                                                          • Instruction ID: 639bde2fc90cd9c81aeac8ce4a1b7d214889503fbf2de009cab7920795f6dd9a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a53e605bffd5961747e431f9f6c37a9d6e68e37298f2dceed7d959859a3b37bd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53E05B3349DEDC0FF665D2E834165E47F90C95213074805CFC45CC7897E4061895D2C7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d2be134a6cb7a4750dc3b2f15ab0ab23dd6cde82b19f8bccb07af010a993ca68
                                                                                                                                                                                                                                          • Instruction ID: dfbeb93295e0c4a28825fd651d7aef54ba64c0477180611d5ee922c624704731
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2be134a6cb7a4750dc3b2f15ab0ab23dd6cde82b19f8bccb07af010a993ca68
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7D05E3389CE8D4EFA29E1D938275E8BBA0D752278B500ADFCC1CC6897F40A15A4C0C3
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000008.00000002.4210461031.00000215A50C0000.00000010.00000800.00020000.00000000.sdmp, Offset: 00000215A50C0000, based on PE: false
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_8_2_215a50c0000_Adblock.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 987b67dc80c33522095905a47e5c8785f7c14285a3542520f3a26e9a0095dbff